Method and system for securing local database file of local content stored on end-user system

ABSTRACT

A method and system for forming a data table in memory on an end user system. The data table forming a library index of storage locations to electronic digital content in memory. The method consists of retrieving an encrypted file from storage. The file has a beginning, an end and a trailer section located just prior to the end. The file is read from the end a predetermined distance to verify if an identifier is present. Reading and decrypting the trailer section from the file read. Determining if there are any updates in the trailer section. In the case there are no updates in the trailer section then decrypting the reference table containing one or more data table location indicators for data items with the first decrypting key. Next, decrypting one or data items with the first decrypting key. Populating the data table with data items at locations specified in the reference table.

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This is a continuation-in-part of application Ser. No.09/376,102, filed Aug. 17, 1999, which is a continuation-in-part of Ser.No. 09/177,096, filed Oct. 22, 1999, now ______, which is acontinuation-in-part of application Ser. No. 09/133,519, filed Aug. 13,1998, now U.S. Pat. No. 6,226,618. The entire disclosure of priorapplication Ser. No. 09/376,102 is herein incorporated by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The invention disclosed broadly relates to the field ofelectronic commerce and more particularly to a system and related toolsfor the secure delivery and rights management of digital assets, such asprint media, films, games, and music over computer readable medium suchas CDS and DVDs and over global communications networks such as theInternet and the World Wide Web.

[0004] 2. Description of the Related Art

[0005] The use of global distribution systems such as the Internet fordistribution of digital assets such as music, film, computer programs,pictures, games and other content continues to grow. At the same timeowners and publishers of valuable digital content have been slow toembrace the use of the Internet for distribution of digital assets forseveral reasons. One reason is that owners are afraid of unauthorizedcopying or pirating of digital content. The electronic delivery ofdigital content removes several barriers to pirating. One barrier thatis removed with electronic distribution is the requirement of thetangible recordable medium itself(e.g., diskettes or CD ROMs). It costsmoney to copy digital content on to tangible media, albeit, in manycases less than a dollar for a blank tape or recordable CD. However, inthe case of electronic distribution, the tangible medium is no longerneeded. The cost of the tangible medium is not a factor because contentis distributed electronically. A second barrier, is the format of thecontent itself i.e. is the content stored in an analog format versus adigital format. Content stored in an analog format, for example, aprinted picture, when reproduced by photocopying, the copy is of lesserquality than the original. Each subsequent copy of a copy, sometimescalled a generation, is of less quality than the original. Thisdegradation in quality is not present when a picture is storeddigitally. Each copy, and every generation of copies can be as clear andcrisp as the original. The aggregate effect of perfect digital copiescombined with the very low cost to distribute content electronically andto distribute content widely over the Internet makes it relatively easyto pirate and distribute unauthorized copies. With a couple ofkeystrokes, a pirate can send hundreds or even of thousands of perfectcopies of digital content over the Internet. Therefore a need exists toensure the protection and security of digital assets distributedelectronically.

[0006] Providers of digital content desire to establish a secure, globaldistribution system for digital content that protects the rights ofcontent owners. The problems with establishing a digital contentdistribution system includes developing systems for digital contentelectronic distribution, rights management, and asset protection.Digital content that is distributed electronically includes content suchas print media, films, games, programs, television, multimedia, andmusic.

[0007] The deployment of an electronic distribution system provides thedigital content providers the ability to achieve fast settlement ofpayment through immediate sales reporting and electronic reconciliationas well as gain secondary sources of revenue through redistribution ofcontent. Since the electronic digital content distribution system is notaffected by physical inventory outages or returns, the digital contentproviders and retailers may realize reduced costs and improved margins.Digital content providers could facilitate new, or augment existing,distribution channels for better timed-release of inventory. Thetransactional data from the electronic distribution system could be usedto obtain information regarding consumer buying patterns as well as toprovide immediate feedback on electronic marketing programs andpromotions. In order to meet these goals, a need exists for digitalcontent providers to use an electronic distribution model to makedigital content available to a wide range of users and businesses whileensuring protection and metering of digital assets.

[0008] Other commercially available electronic distribution systems fordigital content, such as real audio, A2B from AT&T, Liquid Audio Profrom Liquid Audio Pro Corp., City Music Network from Audio Soft andothers offer transmission of digital data over secured and unsecuredelectronic networks. The use of secured electronic networks greatlyreduces the requirement of digital content providers of distributingdigital to a wide audience. The use of unsecured networks such as theInternet and Web allows the digital content to arrive to an end-usersecurely such as through the use of encryption. However, once theencrypted digital content is de-encrypted on the end-user's machine,thedigitalcontentisreadilyavailabletotheend-userforunauthorizedre-distribution.Therefore a need exists for a secure digital content electronicdistribution system that provides protection of digital assets andensures that the Content Provider(s)' rights are protected even afterthe digital content is delivered to consumers and businesses. A needthus exists for rights management to allow for secure delivery,licensing authorization, and control of the usage of digital assets.

[0009] Another reason owners of digital content have been slow toembrace electronic distribution is their desire to maintain and fosterexisting channels of distribution. Most content owners sell throughretailers. In the music market these U.S. retailers include TowerRecords, Peaches, Blockbuster, Circuit City and others. Many of theseretailers have Web sites that allow Internet users to makes selectionsover the Internet and have selections mailed to the end-user. Examplemusic Web sites include @tower, Music Boulevard and Columbia House. Theuse of electronic distribution can remove the ability of the retailstores from differentiating themselves from each other and differentiatethemselves from the content owners, especially on the Web. Therefore aneed exists to provide retailers of electronic content such as pictures,games, music, programs and videos a way to differentiate themselves fromeach other and the content owners when selling music through electronicdistribution.

[0010] Content owners prepare their digital content for electronicdistribution through distribution sites such as electronic stores.Electronic stores on the Internet, or through other online services,want to differentiate themselves from each other by their productofferings and product promotions. A traditional store, i.e.—thenon-electronic, non-online analogs to electronic stores—use productpromotions, product sales, product samples, liberal return policies andother promotional programs to differentiate themselves from theircompetitors. However, in the online world where the content providersimpose usage conditions on the digital content, the ability ofelectronic stores to differentiate themselves maybe severely limited.Moreover, even if the usage conditions can be changed, electronic storesare faced with the difficult task of processing the metadata associatedwith the digital content from the content providers to promote and sellproducts electronically. Electronic stores need to manage severalrequirements when processing the metadata. First, the electronic storeis required to receive the metadata associated with the digital contentfrom the content providers. Many times, parts of this metadata may besent encrypted, so the content provider must create a mechanism todecrypt the encrypted content. Second, the electronic store may wish topreview metadata from the content provider either before the content isreceived from the content provider or after the content is received bythe electronic store, in order to assist with product marketing, productpositioning and other promotional considerations for the content. Third,the electronic store is required to extract certain metadata used forpromotional materials such as graphics and artist information. Often,this promotional material is used directly by the electronic store inits online promotions. Fourth, the electronic stores may wish todifferentiate themselves from one another by modifying some of thepermitted usage conditions to create different offerings of the digitalcontent. Fifth, the electronic store may have to insert or alter certainaddress, such as URLs, in the metadata to direct payment reconciliationto an account reconciliation house automatically by the purchaserwithout the need to go through the electronic store for paymentclearance. Sixth, the electronic store may need to create licenses forthe permitted use of the copyrighted digital content that match usageconditions. For example, the license may grant the permission to make alimited number of copies of the digital content. A license is needed toreflect the terms and conditions of the permission granted.

[0011] In light of all these requirements, to process the metadatarelated to the digital content, many electronic stores write customizedsoftware programs to handle these requirements. The time, cost andtesting needed to create these customized software programs can belarge. Accordingly, a need exists to provide a solution to theserequirements.

[0012] Still, another reason owners of digital content have been slow toembrace electronic distribution is the difficulty in preparing contentfor electronic distribution. Today, many providers of content havethousands or even tens of thousands of titles in their portfolio. In amusic example, it is not unusual for a content owner to have a singlemaster sound recording available on several different formatssimultaneously (e.g. CD, tape and MiniDisc). In addition, a singleformat can have a master sound recording re-mastered or re-mixed for aspecific distribution channel. As an example, the mixing for broadcastradio maybe different than the mixing for a dance club sound track,which may be different than a generally available consumer CD.Inventorying and keeping track of these different mixes can beburdensome. Moreover, many owners of master recordings often timesre-issue old recordings in various subsequent collections, such as “TheBest Of”, or in compilations for musical sound tracks to movies andother collections or compilations. As more content is offered digitally,the need to re-mix and encode the content for electronic distributiongrows. Many times providers need to use old recording formats as guidesto select the correct master sound recordings and have these soundrecordings reprocessed and encoded for release for electronicdistribution. This maybe especially true for content providers that wishto use their old formats to assist them in re-releasing the old soundrecording for electronic distribution. Providers will look throughdatabases to match up titles, artists and sound recordings to set theencoding parameters. This process of manually searching databases forrecording portfolios is not without its shortcomings. One shortcoming isthe need to have an operator manually search a database and set theprocessing parameters appropriately. Another shortcoming is thepossibility of operator transcription error in selecting data from adatabase. Accordingly, a need exists to provide content providers amethod to automatically retrieve associated data and master recordingsfor content such as audio.

[0013] Content owners prepare their digital content for electronicdistribution through a process known as encoding. Encoding involvestaking the content, digitizing it, if the content is presented in ananalog format, and compressing it. The process of compressing allows thedigital content to be transferred over networks and stored on recordablemedium more efficiently because the amount of data transmitted or storedis reduced. However, compression is not without its shortcomings. Mostcompression involves the loss of some information, and is called lossycompression. Content providers must make decisions on what compressionalgorithm to use and the compression level required. For example, inmusic, the digital content or song may have very differentcharacteristics depending on the genre of the music. The compressionalgorithm and compression level selected for one genre may not be theoptimal choice for another genre of music. Content providers may findcertain combinations of compression algorithms and compression levelswork very well for one genre of music, say classical, but provideunsatisfactory results for another genre of music such as heavy metal.Moreover, audio engineers must often equalize the music, perform dynamicrange adjustments and perform other preprocessing and processingsettings to ensure the genre of music encoded produces the desiredresults. The requirement to always have to manually set these encodingparameters such as setting the equalization levels and the dynamic rangesettings for each digital content can be burdensome. Returning to themusic example, a content provider for music with a collection covering avariety of musical genre would have to manually select for each song orset of songs to be encoded, the desired combination of encodingparameters. Accordingly, a need exists to overcome the need for manuallyselection of process parameters for encoding.

[0014] The process to compress content can require a large amount ofdedicated computational resources, especially for larger content itemssuch as full-length feature movies. Providers of compression algorithmsoffer various tradeoffs and advantages associated with their compressiontechniques. These tradeoffs include: the amount of time andcomputational resources needed to compress the content; the amount ofcompression achieved from the original content; the desired bit rate forplayback; the performance quality of the compressed content; and otherfactors. Using an encoding program which take as input a multimedia fileand generate an encoded output file with no interim indication ofprogress or status is a problem. Moreover, in many circumstances, otherprograms are used to call or to manage an encoding program with nointerim indication of progress. This leaves the calling application withno way to gauge the amount of content that has been encoded as apercentage of the entire selection of designated to be encoded. Incircumstances where the calling program is trying to schedule severaldifferent programs to run at once this can be a problem. Furthermore,this can be especially burdensome in cases where batches of content havebeen selected for encoding and the content provider wants to determinethe progress of the encoding process. Accordingly, a need exists toovercome these problems.

[0015] Still another reason digital content providers have been slow toadopt electronic distribution for their content is lack of standards forcreating digital players on end-user devices for electronicallydelivered content. Content providers, electronic stores, or others inthe electronic distribution chain may want to offer customized playerson a variety of devices such as PCS, set-top boxes, hand-held devicesand more. A set of tools that can handle the decryption of the digitalcontent in a tamper resistant environment, that is, an environment todeter the unauthorized access to the content during playing by a thirdparty is needed. Moreover, a set of tools is needed to enable an enduser to manage of a local library of digital content without allowingthe end user to have access to the content for uses other than what waspurchased.

[0016] Still, another problem is with digital content electronicdistribution systems is the length of time it takes to download contentover standard telephone and cable lines. It is not uncommon for musicthat is compressed to be downloaded over telecommunication lines to take15 minutes or more to download over standard telephone lines. The amountof time necessary for downloading video is even higher. Although otherhigher bandwidth delivery systems such as cable Internet access andbroadband is growing in popularity, these system are still not widelyavailable in many towns and cities. Furthermore, many of the higherbandwidth delivery systems may cost both the provider of digital contentand the buyer of digital content high costs because of connect time.Accordingly, a need exists for a method and apparatus to deliverycontent in a secured manner which has many of the advantages ofelectronic distribution without the need for large bandwidthtelecommunications connections. The providing of a solution fordistribution of digital content both over telecommunications line and oncomputer readable may result in two disparate systems being deployed. Aneed exists for a system that provides the distribution of digitalcontent either via a telecommunications line or via computer readablemedium without having to duplicate the tools and components for: (1)rights management for the protection of ownership rights of the contentproprietor; (2) transaction metering for immediate and accuratecompensation; and (3) an open architecture.

[0017] Further information on the background of protecting digitalcontent can be found from the following three sources. “Music on theInternet and the Intellectual Property Protection Problem” by Jack Lacy,James Snyder, David Maher, of AT&T Labs, Florham Park, N.J. availableonline URL http://www.a2bmusic.com/about/papers/musicipp.htm.Cryptographically protected container, called DigiBox, in the article“Securing the Content, Not the Wire for Information Commerce” by OlinSibert, David Bernstein and David Van Wie, InterTrust Technologies Corp.Sunnyvale, Calif. available online URLhttp://www.intertrust.com/architecture/stc.html. And “CryptolopeContainer Technology”, an IBM White Paper, available online URLhttp:///cyptolope.ibm.com/white.htm.

[0018] Simple local libraries are often used to manage multimediaelectronic content such as pictures, videos, sound recordings, music,and other multimedia content on client machines. Simple libraries existwith the name of the file and the ability to play a selection, or deletea selection, or add selection, such as the Microsoft Windows Explorerinterface used by the Microsoft Windows Media Player (refer to onlineURL www.microsoft.com for more information). Although these simplelibrary techniques are useful, they are not without their shortcomings.One shortcoming is the inability to manage electronic content in atamper resistant environment.

[0019] One type of tamper-resistant environment is software technologyfrom IBM. This software technology was first introduced is in the IBMThinkPad 770 laptop computer. Here, the tamper-resistant software wasused to protect the DVD movie player in the computer. Digital contentproviders such as Hollywood studios are concerned about the advent ofdigital movies and the ease in which perfect copies can be made. Tominimize the possibility of creating unauthorized copies, many digitalcontent providers have insisted that movies on DVD disc(s) contain copyprotection mechanisms. IBM's tamper-resistant software makes itdifficult to circumvent these copy protection mechanisms.

[0020] The use of tamper resistant environments while making itdifficult for potential unauthorized users such as hackers from gainingaccess to decrypted electronic content, the management of the electroniccontent from a file system is many times very time consuming. Instead ofsearching the entire library for a specific piece of content, indexes tothe content are used and often times kept in local memory to providefaster access to selected content. Library indexes that point to variouspieces of electronic content such as the song title, the song artist,the song track, the song lyrics and more, many times grow large enoughto make the complete decryption and encryption of each member of theindex very time consuming. Moreover, many times the entire index of thelibrary must be decrypted prior to being played, which again for a largecollection of content can be very time consuming. Accordingly, a needexists for a method and system to overcome the shortcomings of usinglibraries of electronic content in a tamper resistant environment.

[0021] Another problem with using indexes into a library of electroniccontent is tracking electronic content that is licensed for a limitednumber of plays or a limited time. Many times users circumvent thislimited time license by re-download the identical electronic content. Sofor example, a given song is licensed on a promotional basis where itcan be played only five times before the user must purchase the song. Inprior art systems, a user can circumvent the limited number of plays byre-downloading the song into the library. Each where the limited numberis exhausted. The newly downloaded song can now be replayed.Accordingly, a need exists for a method and system to overcome theshortcoming of using electronic content.

SUMMARY OF THE INVENTION

[0022] Briefly according to the present invention, method and system forforming a data table in memory on an end user system. The data tableforming a library index of storage locations to electronic digitalcontent in memory. The method consists of retrieving an encrypted filefrom storage. The file has a beginning, an end and a trailer sectionlocated just prior to the end. The file is read from the end apredetermined distance to verify if an identifier is present. Readingand decrypting the trailer section from the file read. Determining ifthere are any updates in the trailer section. In the case there are noupdates in the trailer section then decrypting the reference tablecontaining one or more data table location indicators for data itemswith the first decrypting key. Next, decrypting one or data items withthe first decrypting key. Populating the data table with data items atlocations specified in the reference table.

[0023] In the case there are updates present in the trailer section thengetting an offset to an update reference table. Decrypting an updatereference table containing one or more data table location indicatorsfor update data items with the first decrypting key. Next, decryptingone or update data items with the first decrypting key. Populating thedata table with update data items at locations specified in the updatereference table with update data.

BRIEF DESCRIPTION OF THE DRAWINGS

[0024]FIG. 1 is a block diagram illustrating an over view of a SecureDigital Content Electronic Distribution System according to the presentinvention.

[0025]FIG. 2 is a block diagram illustrating an example SecureContainer(SC) and the associated graphical representations according tothe present invention.

[0026]FIG. 3 is a block diagram illustrating an overview of theencryption process for a Secure Container (SC) according to the presentinvention.

[0027]FIG. 4 is a block diagram illustrating an overview of thede-encryption process for a Secure Container (SC) according to thepresent invention.

[0028]FIG. 5 is a block diagram illustrating an overview of the layersfor the Rights Management Architecture of the Secure Digital ContentDistribution System of FIG. 1 according to the present invention.

[0029]FIG. 6 is a block diagram illustrating an overview of the ContentDistribution and Licensing Control as it applies to the License ControlLayer of FIG. 5.

[0030]FIG. 7 is an illustration of an example user interface for theWork Flow Manager Tool of FIG. 1 according to the present invention.

[0031]FIG. 8 is a block diagram of the major tools, components andprocesses of the Work Flow Manager corresponding to the user interfacein FIG. 7 according to the present invention.

[0032]FIG. 9 is a block diagram illustrating the major tools, componentsand processes of an Electronic Digital Content Store of FIG. 1 accordingto the present invention.

[0033]FIG. 10 is a block diagram illustrating the major components andprocesses of an End-User Device(s) of FIG. 1 according to the presentinvention.

[0034]FIG. 11 is a flow diagram of a method to calculate an encodingrate factor for the Content Preprocessing and Compression tool of FIG. 8according to the present invention.

[0035]FIG. 12 is a flow diagram of a method to automatically retrieveadditional information for the Automatic Metadata Acquisition Tool ofFIG. 8 according to the present invention.

[0036]FIG. 13 is a flow diagram of a method to automatically set thePreprocessing and Compression parameters of the Preprocessing andCompression Tool of FIG. 8 according to the present invention.

[0037]FIG. 14 is an example of user interface screens of the PlayerApplication downloading content to a local library as described in FIG.15 according to the present invention.

[0038]FIG. 15 is a block diagram illustrating the major components andprocesses of a Player Application running on End-User Device of FIG. 9according to the present invention.

[0039]FIG. 16 is an example user interface screens of the PlayerApplication of FIG. 15 according to the present invention.

[0040]FIG. 17 is a flow diagram of an alternate embodiment toautomatically retrieve additional information for the Automatic MetadataAcquisition Tool of FIG. 8 according to the present invention.

[0041]FIG. 18 is a block diagram of an alternative embodiment of FIG. 10to distribute content on a computer readable storage medium, accordingto the present invention.

[0042]FIG. 19 is a flow diagram of the alternative embodiment of FIG. 18for acquiring rights to digital content, according to the presentinvention.

[0043]FIG. 20 is a functional block diagram of the Data Table stored infast local memory, according to the present invention.

[0044]FIG. 21 is a functional block diagram illustrating therelationship between a Data Table of FIG. 20, a Reference Table and oneor more Update Reference Tables, according to the present invention.

[0045]FIG. 22 is a schema of the hierarchical relationship of theDigital Content Library and the Content, Data, Reference Table andUpdate Content Files, according to th present invention.

[0046]FIG. 23 is flow diagram of the write flow from a Data Table storedin memory to the Digital Content Library File without an Update ContentFiles, according to the present invention.

[0047]FIG. 24 is flow diagram of the write flow from a Data Table storedin memory to the Digital Content Library File with one or more UpdateContent Files, according to the present invention.

[0048]FIG. 25 is flow diagram of the read from the Digital ContentLibrary File to a Data Table stored in memory to without an UpdateContent Files, according to the present invention.

DETAILED DESCRIPTION OF AN EMBODIMENT

[0049] A Table of Contents is provided for this present invention toassist the reader in quickly locating different sections in thisembodiment. I. SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM A.System Overview  1. Rights Management  2. Metering  3. Open ArchitectureB. System Functional Elements  1. Content Provider(s)  2. ElectronicDigital Content Store(s)  3. Intermediate Market Partners  4.Clearinghouse(s)  5. End-User Device(s)  6. Transmission InfrastructuresC. System Uses II. CRYPTOGRAPHY CONCEPTS AND THEIR APPLICATION TO THESECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM A. SymmetricAlgorithms B. Public Key Algorithms C. Digital Signature D. DigitalCertificates E. Guide To The SC(s) Graphical Representation F. Exampleof a Secure Container Encryption III SECURE DIGITAL CONTENT ELECTRONICDISTRIBUTION SYSTEM FLOW IV. RIGHTS MANAGEMENT ARCHITECTURE MODEL A.Architecture Layer Functions B. Function Partitioning and Flows  1.Content Formatting Layer  2. Content Usage Control Layer  3. ContentIdentification Layer  4. License Control Layer C. Content Distributionand Licensing Control V. SECURE CONTAINER STRUCTURE A. General StructureB. Rights Management Language Syntax and Semantics C. Overview of SecureContainer Flow and Processing D. Metadata Secure Container 620 Format E.Offer Secure Container 641 Format F. Transaction Secure Container 640Format G. Order Secure Container 650 Format H. License Secure Container660 Format I. Content Secure Container Format VI. SECURE CONTAINERPACKING AND UNPACKING A. Overview B. Bill of Materials (BOM) Part C. KeyDescription Part VII. CLEARINGHOUSE(S) A. Overview B. Rights ManagementProcessing C. Country Specific Parameters D. Audit Logs and Tracking E.Reporting of Results F. Billing and Payment Verification G.Retransmissions VIII. CONTENT PROVIDER A. Overview B. Work Flow Manager 1. Products Awaiting Action/Information Process  2. New Content RequestProcess  3. Automatic Metadata Acquisition Process  4. Manual MetadataEntry Process  5. Usage Conditions Process  6. Supervised ReleaseProcess  7. Metadata S C(s) Creation Process  8. Watermarking Process 9. Preprocessing and Compression Process 10. Content Quality ControlProcess 11. Encryption Process 12. Content SC(s) Creation Process 13.Final Quality Assurance Process 14. Content Dispersement Process 15.Work Flow Rules C. Metadata Assimilation and Entry Tool  1. AutomaticMetadata Acquisition Tool  2. Manual Metadata Entry Tool  3. UsageConditions Tool  4. Parts of the Metadata SC(s)  5. Supervised ReleaseTool D. Content Processing Tool  1. Watermarking Tool  2. Preprocessingand Compression Tool  3. Content Quality Control Tool  4. EncryptionTool E. Content SC(s) Creation Tool F. Final Quality Assurance Tool G.Content Dispersement Tool H. Content Promotions Web Site I. ContentHosting  1. Content Hosting Sites  2. Content Hosting Site(s) 111provided by the Secure Digital Content Electronic Distribution SystemIX. ELECTRONIC DIGITAL CONTENT STORE(S) A. Overview - Support forMultiple Electronic Digital Content Store(s) B. Point-to-PointElectronic Digital Content Distribution Service  1. IntegrationRequirements  2. Content Acquisition Tool  3. Transaction ProcessingModule  4. Notification Interface Module  5. Account Reconciliation ToolC. Broadcast Electronic Digital Content Distribution Service X. END-USERDEVICE(S) A. Overview  1. Delivery Over TelecommunicationsInfrastructure  2. Delivery Over A Computer Readable Medium B.Application Installation C. Secure Container Processor D. The PlayerApplication  1. Overview  2. End-User Interface Components  3. Copy/PlayManagement Components  4. Decryption 1505, Decompression 1506 andPlayback Components  5. Data Management 1502 and Library AccessComponents  6. Inter-application Communication Components  7. OtherMiscellaneous Components  8. The Generic Player  9. Digital ContentLibrary Manager

[0050] I. Secure Digital Content Electronic Distribution System

[0051] A. System Overview

[0052] The Secure Digital Content Electronic Distribution System is atechnical platform that encompasses the technology, specifications,tools, and software needed for the secure delivery and rights managementof Digital Content and digital content-related content to an end-user,client device. The End-User Device(s) include PCS, set top boxes (IRDs),and Internet appliances. These devices may copy the content to externalmedia or portable, consumer devices as permitted by the contentproprietors. The term Digital Content or simply Content, refers toinformation and data stored in a digital format including: pictures,movies, videos, music, programs, multimedia and games.

[0053] The technical platform specifies how Digital Content is prepared,securely distributed through point-to-point and broadcastinfrastructures (such as cable, Internet, satellite, and wireless)licensed to End-User Device(s), and protected against unauthorizedcopying or playing. In addition, the architecture of the technicalplatform allows for the integration and migration of varioustechnologies such as watermarking, compression/encoding, encryption, andother security algorithms as they evolve over time.

[0054] The base components of the Secure Digital Content ElectronicDistribution System are: (1) rights management for the protection ofownership rights of the content proprietor; (2) transaction metering forimmediate and accurate compensation; and (3) an open and well-documentedarchitecture that enables Content Provider(s) to prepare content andpermit its secure delivery over multiple network infrastructures forplayback on any standard compliant player.

[0055] 1. Rights Management

[0056] Rights management in the Secure Digital Content ElectronicDistribution System is implemented through a set of functionsdistributed among the operating components of the system. Its primaryfunctions include: licensing authorization and control so that contentis unlocked only by authorized intermediate or End-User(s) that havesecured a license; and control and enforcement of content usageaccording to the conditions of purchase or license, such as permittednumber of copies, number of plays, and the time interval or term thelicense may be valid. A secondary function of rights management is toenable a means to identify the origin of unauthorized copies of contentto combat piracy.

[0057] Licensing authorization and control are implemented through theuse of a Clearinghouse(s) entity and Secure Container (SC) technology.The Clearinghouse(s) provides licensing authorization by enablingintermediate or End-User(s) to unlock content after verification of asuccessful completion of a licensing transaction. Secure Containers areused to distribute encrypted content and information among the systemcomponents. A SC is a cryptographic carrier of information or contentthat uses encryption, digital signatures, and digital certificates toprovide protection against unauthorized interception or modification ofelectronic information and content. It also allows for the verificationof the authenticity and integrity of the Digital Content. The advantageof these rights management functions is that the electronic DigitalContent distribution infrastructure does not have to be secure ortrusted. Therefore allowing transmission over network infrastructuressuch as the Web and Internet. This is due to the fact that the Contentis encrypted within Secure Containers and its storage and distributionare separate from the control of its unlocking and use. Only users whohave decryption keys can unlock the encrypted Content, and theClearinghouse(s) releases decryption keys only for authorized andappropriate usage requests. The Clearinghouse(s) will not clear bogusrequests from unknown or unauthorized parties or requests that do notcomply with the content's usage conditions as set by the contentproprietors. In addition, if the SC is tampered with during itstransmission, the software in the Clearinghouse(s) determines that theContent in a SC is corrupted or falsified and repudiate the transaction.

[0058] The control of Content usage is enabled through the End-UserPlayer Application 195 running on an End-User Device(s). The applicationembeds a digital code in every copy of the Content that defines theallowable number of secondary copies and playbacks. Digital watermarkingtechnology is used to generate the digital code, to keep it hidden fromother End-User Player Application 195, and to make it resistant toalteration attempts. In an alternate embodiment, the digital code isjust kept as part of the usage conditions associated with the Content113. When the Digital Content 113 is accessed in a compliant End-UserDevice(s), the End-User Player Application 195 reads the watermark tocheck the use restrictions and updates the watermark as required. If therequested use of the content does not comply with the usage conditions,e.g., the number of copies has been exhausted, the End-User Device(s)will not perform the request.

[0059] Digital watermarking also provides the means to identify theorigin of authorized or unauthorized copies of Content. An initialwatermark in the Content is embedded by the content proprietor toidentify the content proprietor, specify copyright information, definegeographic distribution areas, and add other pertinent information. Asecond watermark is embedded in the Content at the End-User Device(s) toidentify the content purchaser (or licensee) and End-User Device(s),specify the purchase or license conditions and date, and add any otherpertinent information.

[0060] Since watermarks become an integral part of the Content, they arecarried in the copies independent of whether the copies were authorizedor not. Thus the Digital Content always contains information regardingits source and its permitted use regardless of where the content residesor where it comes from. This information may be used to combat illegaluse of the Content.

[0061] 2. Metering

[0062] As part of its rights management functions, the Clearinghouse(s)keeps a record of all transactions where a key exchange is clearedthrough the Clearinghouse(s). This record allows for the metering oflicensing authorization and the original conditions of use. Thetransaction record can be reported to responsible parties, such as,content proprietors or Content Provider(s), retailers, and others, on animmediate or periodic basis to facilitate electronic reconciliation oftransaction payments and other uses.

[0063] 3. Open Architecture

[0064] The Secure Digital Content Electronic Distribution System(System) is an open architecture with published specifications andinterfaces to facilitate broad implementation and acceptance of theSystem in the market place while maintaining rights protection for thecontent proprietors. The flexibility and openness of the Systemarchitecture also enable the System to evolve over time as varioustechnologies, transmission infrastructures, and devices are delivered tothe marketplace.

[0065] The architecture is open regarding the nature of the Content andits format. Distribution of audio, programs, multimedia, video, or othertypes of Content is supported by the architecture. The Content could bein a native format, such as linear PCM for digital music, or a formatachieved by additional preprocessing or encoding, such as filtering,compression, or pre/de-emphasis, and more. The architecture is open tovarious encryption and watermarking techniques. It allows for theselection of specific techniques to accommodate different Content typesand formats and to allow the introduction or adoption of newtechnologies as they evolve. This flexibility allows Content Provider(s)to pick and evolve the technologies they use for data compression,encryption, and formatting within the Secure Digital Content ElectronicDistribution System.

[0066] The architecture is also open to different distribution networksand distribution models. The architecture supports content distributionover low-speed Internet connections or high-speed satellite and cablenetworks and can be used with point-to-point or broadcast models. Inaddition, the architecture is designed so that the functions in theEnd-User Device(s) can be implemented on a wide variety of devices,including low cost consumer devices. This flexibility allows ContentProvider(s) and retailers to offer Content to intermediate orEnd-User(s) through a variety of service offerings and enables the usersto purchase or license Content, play it back, and record it on variouscompliant player devices.

[0067] B. System Functional Elements

[0068] Turning now to FIG. 1, there is shown a block diagramillustrating an overview of a Secure Digital Content ElectronicDistribution System 100 according to the present invention. The SecureDigital Content Electronic Distribution System 100 encompasses severalbusiness elements that comprise an end-to-end solution, including:Content Provider(s) 101 or the proprietors of the Digital Content,Electronic Digital Content Store(s) 103, Intermediate Market Partners(not shown), Clearinghouse(s) 105, Content Hosting Site 111,Transmission Infrastructures 107, and End-User Device(s) 109. Each ofthese business elements use various components of the Secure DigitalContent Electronic Distribution System 100. A high level description ofthese business elements and system components, as they pertainspecifically to electronic Content 113 distribution, follows.

[0069] 1. Content Provider(s) 101

[0070] Content Provider(s) 101 or content proprietor(s) are owners oforiginal Content 113 and/or distributors authorized to packageindependent Content 113 for further distribution. Content Provider(s)101 may exploit their rights directly or license Content 113 to theElectronic Digital Content Store(s) 103, or Intermediate Market Partners(not shown), usually in return for Content usage payments related toelectronic commerce revenues. Examples of Content Provider(s) 101include Sony, Time-Warner, MTV, IBM, Microsoft, Turner, Fox and others.

[0071] Content Provider(s) 101 use tools provided as part of the SecureDigital Content Electronic Distribution System 100 in order to preparetheir Content 113 and related data for distribution. A Work Flow ManagerTool 154 schedules Content 113 to be processed and tracks the Content113 as it flows through the various steps of Content 113 preparation andpackaging to maintain high quality assurance. The term metadata is usedthroughout this document to mean data related to the Content 113 and inthis embodiment does not include the Content 113 itself. As an example,metadata for a song maybe a song title or song credits but not the soundrecording of the song. The Content 113 would contain the soundrecording. A Metadata Assimilation and Entry Tool 161 is used to extractmetadata from the Content Provider(s)' Database 160 or data provided bythe Content Provider(s) in a prescribed format (for a music example theContent 113 information such as CD title, artist name, song title, CDartwork, and more) and to package it for electronic distribution. TheMetadata Assimilation and Entry Tool 161 is also used to enter the UsageConditions for the Content 113. The data in Usage Conditions can includecopy restriction rules, the wholesale price, and any business rulesdeemed necessary. A Watermarking Tool is used to hide data in theContent 113 that identifies the content owner, the processing date, andother relevant data. For an embodiment where the Content 113 is audio,an audio preprocessor tool is used to adjust the dynamics and/orequalize the Content 113 or other audio for optimum compression quality,compress the Content 113 to the desired compression levels, and encryptthe Content 113. These can be adapted to follow technical advances indigital content compression/encoding, encryption, and formattingmethods, allowing the Content Provider(s) 101 to utilize best tools asthey evolve over time in the marketplace.

[0072] The encrypted Content 113, digital content-related data ormetadata, and encrypted keys are packed in SCs (described below) by theSC Packer Tool and stored in a content hosting site and/or promotionalweb site for electronic distribution. The content hosting site canreside at the Content Provider(s) 101 or in multiple locations,including Electronic Digital Content Store(s) 103 and IntermediateMarket Partners (not shown) facilities. Since both the Content 113 andthe Keys (described below) are encrypted and packed in SCs, ElectronicDigital Content Store(s) 103 or any other hosting agent can not directlyaccess decrypted Content 113 without clearance from the Clearinghouse(s)and notification to the Content Provider(s) 101.

[0073] 2. Electronic Digital Content Store(s) 103

[0074] Electronic Digital Content Store(s) 103 are the entities whomarket the Content 113 through a wide variety of services orapplications, such as Content 113 theme programming or electronicmerchandising of Content 113. Electronic Digital Content Store(s) 103manage the design, development, business operations, settlements,merchandising, marketing, and sales of their services. Example onlineElectronic Digital Content Store(s) 103 are Web sites that provideelectronic downloads of software.

[0075] Within their services, Electronic Digital Content Store(s) 103implement certain functions of the Secure Digital Content ElectronicDistribution System 100. Electronic Digital Content Store(s) 103aggregate information from the Content Provider(s) 101, pack content andmetadata in additional SCs, and deliver those SCs to consumers orbusinesses as part of a service or application. Electronic DigitalContent Store(s) 103 use tools provided by the Secure Digital ContentElectronic Distribution System 100 to assist with: metadata extraction,secondary usage conditions, SC packaging, and tracking of electroniccontent transactions. The secondary usage conditions data can includeretail business offers such as Content 113 purchase price,pay-per-listen price, copy authorization and target device types, ortimed-availability restrictions.

[0076] Once an Electronic Digital Content Store(s) 103 completes a validrequest for electronic Content 113 from an End-User(s), the ElectronicDigital Content Store(s) 103 is responsible for authorizing theClearinghouse(s) 105 to release the decryption key for the Content 113to the customer. The Electronic Digital Content Store(s) also authorizesthe download of the SC containing the Content 113. The ElectronicDigital Content Store(s) may elect to host the SCs containing theDigital Content at its local site and/or utilize the hosting anddistribution facilities of another Content hosting site.

[0077] The Electronic Digital Content Store(s) can provide customerservice for any questions or problems that an End-User(s) may have usingthe Secure Digital Content Electronic Distribution System 100, or theElectronic Digital Content Store(s) 103 may contract their customerservice support to the Clearinghouse(s) 105.

[0078]3. Intermediate Market Partners (Not Shown)

[0079] In an alternate embodiment, the Secure Digital Content ElectronicDistribution System 100 can be used to provide Content 113 securely toother businesses called Intermediate Market Partners. These partners mayinclude digital content-related companies offering a non-electronicservice, such as televisions stations or video clubs, radio stations orrecord clubs, that distribute Content 113. These Partners may alsoinclude other trusted parties who handle material as part of making ormarketing sound recordings, such as record studios, replicators, andproducers. These Intermediate Market Partners requires clearance fromthe Clearinghouse(s) 105 in order to decrypt the Content 113.

[0080] 4. Clearinghouse(s) 105

[0081] The Clearinghouse(s) 105 provides the licensing authorization andrecord keeping for all transactions that relate to the sale and/orpermitted use of the Content 113 encrypted in a SC. When theClearinghouse(s) 105 receives a request for a decryption key for theContent 113 from an intermediate or End-User(s), the Clearinghouse(s)105 validates the integrity and authenticity of the information in therequest; verifies that the request was authorized by an ElectronicDigital Content Store(s) or Content Provider(s) 101; and verifies thatthe requested usage complies with the content Usage Conditions asdefined by the Content Provider(s) 101. Once these verifications aresatisfied, the Clearinghouse(s) 105 sends the decryption key for theContent 113 to the requesting End-User(s) packed in a License SC. Thekey is encrypted in a manner so that only the authorized user canretrieve it. If the End-User's request is not verifiable, complete, orauthorized, the Clearinghouse(s) 105 repudiates the request for thedecryption key.

[0082] The Clearinghouse(s) 105 keeps a record of all transactions andcan report them to responsible parties, such as Electronic DigitalContent Store(s) 103 and Content Provider(s) 101, on an immediate,periodic, or restricted basis. This reporting is a means by whichContent Provider(s) 101 can be informed of the sale of Content 113 andthe Electronic Digital Content Store(s) 103 can obtain an audit trail ofelectronic delivery to their customers. The Clearinghouse(s) 105 canalso notify the Content Provider(s) 101 and/or Electronic DigitalContent Store(s) 103 if it detects that information in a SC has beencompromised or does not comply with the Content's Usage Conditions. Thetransaction recording and repository capabilities of theClearinghouse(s) 105 database is structured for data mining and reportgeneration.

[0083] In another embodiment, the Clearinghouse(s) 105 can providecustomer support and exception processing for transactions such asrefinds, transmission failures, and purchase disputes. TheClearinghouse(s) 105 can be operated as an independent entity, providinga trusted custodian for rights management and metering. It providesbilling and settlement as required. Examples of electronicClearinghouse(s) include Secure-Bank.com and Secure ElectronicTransaction (SET) from Visa/Mastercard. In one embodiment, theClearinghouse(s) 105 are Web sites accessible to the End-User Device(s)109. In another embodiment, the Clearinghouse(s) 105 is part of theElectronic Digital Content Store(s) 103.

[0084] 5. End-User Device(s) 109

[0085] The End-User Device(s) 109 can be any player device that containsan End-User Player Application 195 (described later) compliant with theSecure Digital Content Electronic Distribution System 100specifications. These devices may include PCS, set top boxes (IRDs), andInternet appliances. The End-User Player Application 195 could beimplemented in software and/or consumer electronics hardware. Inaddition to performing play, record, and library management functions,the End-User Player Application 195 performs SC processing to enablerights management in the End-User Device(s) 109. The End-User Device(s)109 manages the download and storage of the SCs containing the DigitalContent; requests and manages receipt of the encrypted Digital Contentkeys from the Clearinghouse(s) 105; processes the watermark(s) everytime the Digital Content is copied or played; manages the number ofcopies made (or deletion of the copy) in accordance with the DigitalContent's Usage Conditions; and performs the copy to an external mediaor portable consumer device if permitted. The portable consumer devicecan perform a subset of the End-User Player Application 195 functions inorder to process the content's Usage Conditions embedded in thewatermark. The terms End-User(s) and End-User Player Application 195 areused throughout this to mean through the use or running-on an End-UserDevice(s) 109.

[0086] 6. Transmission Infrastructures 107

[0087] The Secure Digital Content Electronic Distribution System 100 isindependent of the transmission network connecting the ElectronicDigital Content Store(s) 103 and End-User Device(s) 109. It supportsboth point-to-point such as the Internet and broadcast distributionmodels such as digital broadcast television.

[0088] Even though the same tools and applications are used to acquire,package, and track Content 113 transactions over various TransmissionInfrastructures 107, the presentation and method in which services aredelivered to the customer may vary depending on the infrastructure anddistribution model selected. The quality of the Content 113 beingtransferred may also vary since high bandwidth infrastructures candeliver high-quality digital content at more acceptable response timesthan lower bandwidth infrastructures. A service application designed fora point-to-point distribution model can be adapted to support abroadcast distribution model as well.

[0089] C. System Uses

[0090] The Secure Digital Content Electronic Distribution System 100enables the secure delivery of high-quality, electronic copies ofContent 113 to End-User Device(s) 109, whether consumer or business, andto regulate and track usage of the Content 113.

[0091] The Secure Digital Content Electronic Distribution System 100could be deployed in a variety of consumer and business-to-businessservices using both new and existing distribution channels. Eachparticular service could use a different financial model that can beenforced through the rights management features of the Secure DigitalContent Electronic Distribution System 100. Models such as wholesale orretail purchase, pay-per-listen usage, subscription services,copy/no-copy restrictions, or redistribution could be implementedthrough the rights management of the Clearinghouse(s) 105 and theEnd-User Player Application 195 copy protection features.

[0092] The Secure Digital Content Electronic Distribution System 100allows Electronic Digital Content Store(s) 103 and Intermediate MarketPartners a great deal of flexibility in creating services that sellContent 113. At the same time it provides Content Provider(s) 101 alevel of assurance that their digital assets are protected and meteredso that they can receive appropriate compensation for the licensing ofContent 113.

[0093] II. Cryptography Concepts and their Application to the SecureDigital Content Electronic Distribution System

[0094] License Control in the Secure Digital Content ElectronicDistribution System 100 is based on the use of cryptography. Thissection introduces basic cryptography technologies of the presentinvention. The use of public key encryption, symmetric key encryption,digital signatures, digital watermarks and digital certificates isknown.

[0095] A. Symmetric Algorithms

[0096] In the Secure Digital Content Electronic Distribution System 100the Content Provider(s) 101 encrypts the content using symmetricalgorithms. They are called symmetric algorithms because the same key isused to encrypt and decrypt data. The data sender and the messagerecipient must share the key. The shared key is referred to here as thesymmetric key. The Secure Digital Content Electronic Distribution System100 architecture is independent of the specific symmetric algorithmselected for a particular implementation.

[0097] Common symmetric algorithms are DES, RC2 and RC4. Both DES andRC2 are block cipher. A block cipher encrypts the data using a block ofdata bits at a time. DES is an official US government encryptionstandard, has a 64-bit block size, and uses a 56-bit key. Triple-DES iscommonly used to increase the security achieved with simple DES. RSAData Security designed RC2. RC2 uses a variable-key-size cipher and hasa block size of 64 bits. RC4, also designed by RSA Data Security, is avariable-key-size stream cipher. A stream cipher operates on a singledata bit at a time. RSA Data Security claims that eight to sixteenmachine operations are required for RC4 per output byte.

[0098] IBM designed a fast algorithm called SEAL. SEAL is a streamalgorithm that uses a variable-length key and that has been optimizedfor 32-bit processors. SEAL requires about five elementary machineinstructions per data byte. A 50 MHZ, 486-based computer runs the SEALcode at 7.2 megabytes/second if the 160-bit key used has already beenpreprocessed into internal tables.

[0099] Microsoft reports results of encryption performance benchmark inits Overview of Crypto API document. These results were obtained by anapplication using Microsoft's Crypto API, running on a 120-MHZ,Pentium-based computer with Windows NT 4.0. Cipher Key Size Key SetupTime Encryption Speed DES 56 460 1,138,519 RC2 40  40   286,888 RC4 40151 2,377,723

[0100] B. Public Key Algorithms

[0101] In the Secure Digital Content Electronic Distribution System 100,symmetric keys and other small data pieces are encrypted using publickeys. Public key algorithms use two keys. The two keys aremathematically related so that data encrypted with one key can only bedecrypted with the other key. The owner of the keys keeps one keyprivate (private key) and publicly distributes the second key (publickey).

[0102] To secure the transmission of a confidential message using apublic key algorithm, one must use the recipient's public key to encryptthe message. Only the recipient, who has the associated private key, candecrypt the message. Public key algorithms are also used to generatedigital signatures. The private key is used for that purpose. Thefollowing section provides information on digital signatures.

[0103] The most common used public-key algorithm is the RSA public-keycipher. It has become the de-facto public key standard in the industry.Other algorithms that also work well for encryption and digitalsignatures are ElGamal and Rabin. RSA is a variable-key length cipher.

[0104] Symmetric key algorithms are much faster than the public keyalgorithms. In software, DES is generally at least 100 times as fast asRSA. Because of this, RSA is not used to encrypt bulk data. RSA DataSecurity reports that on a 90 MHZ Pentium machine, RSA Data Security'stoolkit BSAFE 3.0 has a throughput for private-key operations(encryption or decryption, using the private key) of 21.6kilobits/second with a 512-bit modulus and 7.4 kilobits/second with a1024-bit modulus.

[0105] C. Digital Signature

[0106] In the Secure Digital Content Electronic Distribution System 100,the issuer of SC(s) protects the integrity of SC(s) by digitally signingit. In general, to create a digital signature of a message, a messageowner first computes the message digest (defined below) and then encryptthe message digest using the owner's private key. The message isdistributed with its signature. Any recipient of the message can verifythe digital signature first by decrypting the signature using the publickey of the message owner to recover the message digest. Then, therecipient computes the digest of the received message and compares itwith the recovered one. If the message has not being altered duringdistribution, the calculated digest and recovered digest must be equal.

[0107] In the Secure Digital Content Electronic Distribution System 100,since SC(s) contain several data parts, a digest is calculated for eachpart and a summary digest is calculated for the concatenated partdigests. The summary digest is encrypted using the private key of theissuer of the SC(s). The encrypted summary digest is the issuer'sdigital signature for the SC(s). The part digests and the digitalsignature are included in the body of the SC(s). The recipients of SC(s)can verify the integrity of the SC(s) and its parts by means of thereceived digital signature and part digests.

[0108] A one-way hash algorithm is used to calculate a message digest. Ahash algorithm takes a variable-length-input message and converts itinto a fixed length string, the message digest. A one-way hash algorithmoperates only in one direction. That is, it is easy to calculate thedigest for an input message, but it is very difficult (computationallyinfeasible) to generate the input message from its digest. Because ofthe properties of the one-way hash functions, one can think of a messagedigest as a fingerprint of the message.

[0109] The more common one-way hash functions are MD5 from RSA DataSecurity and SHA designed by the US National Institute of Technology andStandards (NITS).

[0110] D. Digital Certificates

[0111] A digital certificate is used to authenticate or verify theidentity of a person or entity that has sent a digitally signed message.A certificate is a digital document issued by a certification authoritythat binds a public key to a person or entity. The certificate includesthe public key, the name of the person or entity, an expiration date,the name of the certification authority, and other information. Thecertificate also contains the digital signature of the certificationauthority.

[0112] When an entity (or person) sends a message signed with itsprivate key and accompanied with its digital certificate, the recipientof the message uses the entity's name from the certificate to decidewhether or not to accept the message.

[0113] In the Secure Digital Content Electronic Distribution System 100,every SC(s), except those issued by the End-User Device(s) 109, includesthe certificate of the creator of the SC(s). The End-User Device(s) 109do not need to include certificates in their SC(s) because manyEnd-User(s) do not bother to acquire a certificate or have certificatesissued by non bona-fide Certification Authorities. In the Secure DigitalContent Electronic Distribution System 100, the Clearinghouse(s) 105 hasthe option of issuing certificates to the Electronic Digital ContentStore(s) 103. This allows the End-User Device(s) 109 to independentlyverify that the Electronic Digital Content Store(s) 103 have beenauthorized by the Secure Digital Content Electronic Distribution System100.

[0114] E. Guide To The SC(s) Graphical Representation

[0115] This document uses a drawing to graphically represent SC(s) thatshows encrypted parts, non-encrypted parts, the encryption keys, andcertificates. Referring now to FIG. 2 is an example drawing of SC(s)200. The following symbols are used in the SC(s) figures. Key 201 is apublic or private key. The teeth of the key e.g. CLRNGH forClearinghouse indicate the key owner. PB inside the handle indicatesthat it is a public key thus key 201 is a Clearinghouse public key. PVinside the handle indicates that it is a private key. Diamond shape isan End-User Digital Signature 202. The initials indicate which privatekey was used to create the signature thus in EU is the End-User(s)digital signature from table below. Symmetric key 203 is used to encryptcontent. An encrypted symmetric key object 204 comprising a symmetrickey 203 encrypted with a PB of CLRNGH. The key on the top border of therectangle is the key used in the encryption of the object. The symbol ortext inside the rectangle indicates the encrypted object (a symmetrickey in this case). Another encrypted object, in this example aTransaction ID encrypted object 205 is shown. And Usage Conditions 206for content licensing management as described below. The SC(s) 200comprises Usage Conditions 206, Transaction ID encrypted object 205, anApplication ID encrypted object 207, and encrypted symmetric key object204, all signed with an End-User Digital Signature 202.

[0116] The table below shows the initials that identify the signer ofSC(s). Initial Component CP Content Provider(s) 101 MS ElectronicDigital Content Store(s) 103 HS Content Hosting Site(s) 111 EU End-UserDevice(s) 109 CH Clearinghouse(s) 105 CA certification authority(ies)(not shown)

[0117] F. Example of a Secure Container Encryption

[0118] The tables and diagrams below provide an overview of theencryption and decryption process used to create and recover informationfrom SC(s). The SC(s) that is created and decrypted in this processoverview is a general SC(s). It does not represent any of the specificSC(s) types used for rights management in the Secure Digital ContentElectronic Distribution System 100. The process consists of the stepsdescribed in FIG. 3 for encryption process.

[0119] Process Flow for Encryption Process of FIG. 3

[0120] Step Process

[0121]301 Sender generates a random symmetric key and uses it to encryptthe content.

[0122]302 Sender runs the encrypted content through a hash algorithm toproduce the content digest.

[0123]303 Sender encrypts the symmetric key using the recipient's publickey. PB RECPNT refers to the recipient's public key.

[0124]304 Sender runs the encrypted symmetric key through the same hashalgorithm used in step 2 to produce the symmetric key digest.

[0125]305 Sender runs the concatenation of the content digest andsymmetric key digest through the same hash algorithm used in step 2 toproduce the SC(s) digest.

[0126]306 Sender encrypts the SC(s) digest with the sender's private keyto produce the digital signature for the SC(s). PV SENDER refers to thesender's private key.

[0127]307B Sender creates a SC(s) file that includes the encryptedcontent, encrypted symmetric key, content digest, symmetric key digest,sender's certificate, and SC(s) signature.

[0128]307A Sender must have obtained the certificate from acertification authority prior to initiating secure communications. Thecertification authority includes in the certificate the sender's publickey, the sender's name and signs it. PV CAUTHR refers to thecertifications authority's private key. Sender transmits the SC(s) tothe recipient.

[0129] Process Flow for Decryption Process of FIG. 4

[0130] Step Process

[0131]408 Recipient receives the SC(s) and separates its parts.

[0132]409 Recipient verifies the digital signature in the sender'scertificate by decrypting it with the public key of the certificationauthority. If the certificate's digital signature is valid, recipientacquires the sender's public key from the certificate.

[0133]410 Recipient decrypts the SC(s) digital signature using thesender's public key. This recovers the SC(s) digest. PB SENDER refers tothe sender's public key.

[0134]411 Recipient runs the concatenation of the received contentdigest and encrypted key digest through the same hash algorithm used bythe sender to compute the SC(s) digest.

[0135]412 Recipient compares the computed SC(s) digest with the onerecovered from the sender's digital signature. If they are the same,recipient confirms that the received digests have not been altered andcontinues with the decryption process. If they are not the same,recipient discards the SC(s) and notifies the sender.

[0136]413 Recipient runs the encrypted symmetric key through the samehash algorithm used in step 411 to compute the symmetric key digest.

[0137]414 Recipient compares the computed symmetric key digest with theone received in the SC(s). If it is the same, recipient knows that theencrypted symmetric key has not been altered. Recipient continues withthe decryption process. If not valid, recipient discards the SC(s) andnotifies the sender.

[0138]415 Recipient runs the encrypted content through the same hashalgorithm used in step 411 to compute the content digest.

[0139]416 Recipient compares the computed content digest with the onereceived in the SC(s). If it is the same, recipient knows that theencrypted content has not been altered. Recipient then continues withthe decryption process. If not valid, recipient discards the SC(s) andnotifies the sender.

[0140]417 Recipient decrypts the encrypted symmetric key using therecipient's private key. This recovers the symmetric key. PV RECPNTrefers to the recipient's private key.

[0141]418 Recipient uses the symmetric key to decrypt the encryptedcontent. This recovers the content.

[0142] III. Secure Digital Content Electronic Distribution System Flow

[0143] The Secure Electronic Digital Content Distribution System 100,consists of several components that are used by the differentparticipants of the system. These participants include the ContentProvider(s) 101, Electronic Digital Content Store(s) 103, End-User(s)via End-User Device(s) 109 and the Clearinghouse(s) 105. A high levelsystem flow is used as an overview of the Secure Digital ContentElectronic Distribution System 100. This flow outlined below tracksContent as it flows throughout the System 100. Additionally it outlinesthe steps used by the participants to conduct the transactions for thepurchase, unlocking and use of the Content 113. Some of the assumptionsmade in the system flow include:

[0144] This is a system flow for a Digital Content service(Point-to-Point Interface to a PC).

[0145] Content Provider(s) 101 submits audio Digital Content in PCMuncompressed format (as a music audio example).

[0146] Content Provider(s) 101 has metadata in an ODBC compliantdatabase or Content Provider(s) 101 will enter the data directly intothe Content Information Processing Subsystem, or will have provided datain prescribed ASCII file format(s).

[0147] Financial settlement is done by the Electronic Digital ContentStore(s).

[0148] Content 113 is hosted at a single Content Hosting Site(s) 1 11.

[0149] It should be understood by those skilled in the art that theseassumptions can be altered to accommodate the exact nature of theDigital Content e.g. music, video and program and electronicdistribution systems broadcast.

[0150] The following process flow in illustrated in FIG. 1.

[0151] Step Process

[0152]121 A uncompressed PCM audio file is provided as Content 113 bythe Content Provider(s) 101. Its file name is input into the Work FlowManager 154Tool along with the Content Provider(s)' 101 uniqueidentifier for the Content 113.

[0153]122 Metadata is captured from the Content Provider(s)' Database160 by the Content Information Processing Subsystem using the ContentProvider(s)' 101 unique identifier for the Content 113 and informationprovided by the Database Mapping Template.

[0154]123 The Work Flow Manager Tool 154 is used to direct the contentflow through the acquisition and preparation process at the ContentProvider(s) 101. It can also be used to track the status of any piece ofcontent in the system at any time.

[0155]124 The Usage Conditions for the Content 113 are entered into theContent Information Processing Subsystem, this can be done eithermanually or automatically. This data includes copy restriction rules andany other business rules deemed necessary. All of the metadata entry canoccur in parallel with the Audio Processing for the data.

[0156]125 The Watermarking Tool is used to hide data in the Content 113that the Content Provider(s) 101 deems necessary to identify thecontent. This could include when it was captured, where it came from(this Content Provider(s) 101), or any other information specified bythe Content Provider(s) 101.

[0157] The Content Processing Tool 125 performs equalization, dynamicsadjustments and re-sampling to the Content 113 as necessary for thedifferent compression levels supported.

[0158] The Content 113 is compressed using the Content Processing Tool125 to the desired compression levels. The Content 113 can then beplayed back to verify that the compression produces the required levelof Content 113 quality. If necessary the equalization, dynamicsadjustments, compression and playback quality checks can be performed asmany times as desired.

[0159] The Content 113 and a subset of its metadata is encrypted with aSymmetric Key by the SC Packer. This tool then encrypts the key usingthe Public Key of the Clearinghouse(s) 105 to produce an EncryptedSymmetric Key. This key can be transmitted anywhere without comprisingthe security of the Content 113 since the only entity that can decryptit is the Clearinghouse(s) 105.

[0160]126 The Encrypted Symmetric Key, metadata and other informationabout the Content 113 is then packed into a Metadata SC by the SC PackerTool 152.

[0161]127 The encrypted Content 113 and metadata are then packed into aContent SC. At this point the processing on the Content 113 and metadatais complete.

[0162]128 The Metadata SC(s) is then sent to the Content Promotions WebSite 156 using the Content Disbursement Tool (not shown).

[0163]129 The Content Disbursement Tool sends the Content SC(s) to theContent Hosting Site(s) 111. The Content Hosting Site(s) can reside atthe Content Provider(s) 101, the Clearinghouse(s) 105 or a speciallocation dedicated for Content Hosting. The URL for this site is part ofthe metadata that was added to the Metadata SC.

[0164]130 The Content Promotions Web Site 156 notifies ElectronicDigital Content Store(s) 103 of new Content 113 that is added to theSystem 100.

[0165]131 Using the Content Acquisition Tool, Electronic Digital ContentStore(s) 103 then download the Metadata SCs that correspond to theContent 113 they wish to sell.

[0166]132 The Electronic Digital Content Store(s) 103 will use theContent Acquisition Tool to pull out any data from the Metadata SC(s)that they want to use to promote the Content 113 on their Web Site.Access to portions of this metadata can be secured and charged for ifdesired.

[0167]133 The Usage Conditions for the Content 113, specific to thisElectronic Digital Content Store(s) 103, are entered using the ContentAcquisition Tool. These Usage Conditions include the retail prices andcopy/play restrictions for the different compression levels of theContent 113.

[0168]134 The Electronic Digital Content Store(s) 103 specific UsageConditions and the original Metadata SC(s) are packed into an Offer SCby the SC Packer Tool.

[0169]135 After the Electronic Digital Content Store(s) 103 Web Site isupdated, the Content 113 is available to End-User(s) surfing the Web.

[0170]136 When an End-User(s) finds Content 113 that they want to buy,they click on a content icon, such as a music icon, and the item isadded to his/her shopping cart which is maintained by the ElectronicDigital Content Store(s) 103. When the End-User(s) completes shoppingthey submit the purchase request to the Electronic Digital ContentStore(s) 103 for processing.

[0171]137 The Electronic Digital Content Store(s) 103 then interactswith credit card clearing organizations to place a hold on the funds inthe same way they do business today.

[0172]138 Once the Electronic Digital Content Store(s) 103 receives thecredit card authorization number back from the credit card clearingorganization, it stores this into a database and invokes the SC PackerTool to build a Transaction SC. This Transaction SC includes all of theOffer SCs for the Content 113 that the End-User(s) has purchased, aTransaction ID that can be tracked back to the Electronic DigitalContent Store(s) 103, information that identifies the End-User(s),compression levels, Usage Conditions and the price list for the songspurchased.

[0173]139 This Transaction SC is then transmitted to the End-UserDevice(s) 109.

[0174]140 When the Transaction SC arrives on the End-User Device(s) 109,it kicks off the End-User Player Application 195 which opens theTransaction SC and acknowledges the End-User's purchase. The End-UserPlayer Application 195 then opens the individual Offer SCs and in analternate embodiment, may inform the user with an estimate of thedownload time. It then asks the user to specify when they want todownload the Content 113.

[0175]141 Based on the time the End-User(s) requested the download, theEnd-User Player Application 195 will wake up and initiate the start ofthe download process by building a Order SC that contains among otherthings the Encrypted Symmetric Key for the Content 113, the TransactionID, and End-User(s) information.

[0176]142 This Order SC is then sent to the Clearinghouse(s) 105 forprocessing.

[0177]143 The Clearinghouse(s) 105 receives the Order SC, opens it andverifies that none of the data has been tampered with. TheClearinghouse(s) 105 validates the Usage Conditions purchased by theEnd-User(s). These Usage Conditions must comply with those specified bythe Content Provider(s) 101. This information is logged in a database.

[0178]144 Once all the checks are complete, the Encrypted Symmetric Keyis decrypted using the private key of the Clearinghouse(s) 105. TheSymmetric Key is then encrypted using the public key of the End-User(s).This new Encrypted Symmetric Key is then packaged into a License SC bythe SC Packer.

[0179]145 The License SC is then transmitted to the End-User(s).

[0180]146 When the License SC is received at the End-User Device(s) 109it is stored in memory until the Content SC is downloaded.

[0181]147 The End-User Device(s) 109 request from the Content HostingFacility 111, sending the corresponding License SC for the purchasedContent 113.

[0182]148 Content 113 is sent to the End-User Device(s) 109. Upon thereceipt the Content 113 is de-encrypted by the End-User Device(s) 109using the Symmetric Key.

[0183] IV. Rights Management Architecture Model

[0184] A. Architecture Layer Functions

[0185]FIG. 5 is a block diagram of the Rights Management Architecture ofthe Secure Digital Content Electronic Distribution System 100.Architecturally, four layers represent the Secure Digital ContentElectronic Distribution System 100: the License Control Layer 501, theContent Identification Layer 503, Content Usage Control Layer 505, andthe Content Formatting Layer 507. The overall functional objective ofeach layer and the individual key functions for each layer are describedin this section. The functions in each of the layers are fairlyindependent of the functions in the other layers. Within broadlimitations, functions in a layer can be substituted with similarfunctions without affecting the functionality of the other layers.Obviously, it is required that the output from one layer satisfiesformat and semantics acceptable to the adjacent layer.

[0186] The License Control Layer 501 ensures that:

[0187] the Digital Content is protected during distribution againstillegal interception and tampering;

[0188] the Content 113 originates from a rightful content owner and isdistributed by a licensed distributor, e.g. Electronic Digital ContentStore(s) 103;

[0189] the Digital Content purchaser has a properly licensedapplication;

[0190] the distributor is paid by the purchaser before a copy of theContent 113 is made available to the purchaser or End-User(s); and

[0191] a record of the transaction is kept for reporting purposes.

[0192] The Content Identification Layer 503 allows for the verificationof the copyright and the identity of the content purchaser. Thecontent's copyright information and identity of the content purchaserenables the source tracking of any, authorized or not, copy of theContent 113. Thus, the Content Identification Layer 503 provides a meansto combat piracy.

[0193] The Content Usage Control Layer 505 ensures that the copy of theContent 113 is used in the purchaser's device according to the StoreUsage Conditions 519. The Store Usage Conditions 519 may specify thenumber of plays and local copies allowed for the Content 113, andwhether or not the Content 113 maybe recorded to an external portabledevice. The functions in the Content Usage Control Layer 505 keep trackof the content's copy/play usage and update the copy/play status.

[0194] The Content Formatting Layer 507 allows for the format conversionof the Content 113 from its native representation in the content owner'sfacilities into a form that is consistent with the service features anddistribution means of the Secure Digital Content Electronic DistributionSystem 100. The conversion processing may include compression encodingand its associated preprocessing, such as frequency equalization andamplitude dynamic adjustment. For Content 113 which is audio, at thepurchaser's side, the received Content 113 also needs to be processed toachieve a format appropriate for playback or transfer to a portabledevice.

[0195] B. Function Partitioning and Flows

[0196] The Rights Management Architectural Model is shown in FIG. 5 andthis illustrates the mapping of the architectural layers to theoperating components making up the Secure Digital Content ElectronicDistribution System 100 and the key functions in each layer.

[0197] 1. Content Formatting Layer 507

[0198] The general functions associated with the Content FormattingLayer 507 are Content Preprocessing 502 and Compression 511 at theContent Provider(s) 101, and Content De-scrambling 513 and Decompression515 at the End-User Device(s) 109. The need for preprocessing and theexamples of specific functions were mentioned above. Content Compression511 is used to reduce the file size of the Content 113 and itstransmission time. Any compression algorithm appropriate for the type ofContent 113 and transmission medium can be used in the Secure DigitalContent Electronic Distribution System 100. For music, MPEG ½/4,DolbyAC-2 and AC-3, Sony Adaptive Transform Coding (ATRAC), and low-bitrate algorithms are some of the typically used compression algorithms.The Content 113 is stored in the End-User Device(s) 109 in compressedform to reduce the storage size requirement. It is decompressed duringactive playback. De-scrambling is also performed during active playback.The purpose and type of scrambling will be described later during thediscussion of the Content Usage Control Layer 505.

[0199] 2. Content Usage Control Layer 505

[0200] The Content Usage Control Layer 505 permits the specification andenforcement of the conditions or restrictions imposed on the use ofContent 113 use at the End-User Device(s) 109. The conditions mayspecify the number of plays allowed for the Content 113, whether or nota secondary copy of the Content 113 is allowed, the number of secondarycopies, and whether or not the Content 113 maybe copied to an externalportable device. The Content Provider(s) 101 sets the allowable UsageConditions 517 and transmits them to the Electronic Digital ContentStore(s) 103 in a SC (see the License Control Layer 501 section). TheElectronic Digital Content Store(s) 103 can add to or narrow the UsageConditions 517 as long as it doesn't invalidate the original conditionsset by the Content Provider(s) 101. The Electronic Digital ContentStore(s) 103 then transmits all Store Usage Conditions 519 (in a SC) tothe End-User Device(s) 109 and the Clearinghouse(s) 105. TheClearinghouse(s) 105 perform Usage Conditions Validation 521 beforeauthorizing the Content 113 release to an End-User Device(s) 109.

[0201] The enforcement of the content Usage Conditions 517 is performedby the Content Usage Control Layer 505 in the End-User Device(s) 109.First, upon reception of the Content 113 copy from the ContentIdentification Layer 503 in the End-User Device(s) 109 marks the Content113 with a Copy/Play Code 523 representing the initial copy/playpermission. Second, the Player Application 195 cryptographicallyscrambles the Content 113 before storing it in the End-User Device(s)109. The Player Application 195 generates a scrambling key for eachContent item, and the key is encrypted and hidden in the End-UserDevice(s) 109. Then, every time the End-User Device(s) 109 accesses theContent 113 for copy or play, the End-User Device(s) 109 verifies thecopy/play code before allowing the de-scrambling of the Content 113 andthe execution of the play or copy. The End-User Device(s) 109 alsoappropriately updates the copy/play code in the original copy of theContent 113 and on any new secondary copy. The copy/play coding isperformed on Content 113 that has been compressed. That is, there is noneed to decompress the Content 113 before the embedding of the copy/playcode.

[0202] The End-User Device(s) 109 uses a License Watermark 527 to embedthe copy/play code within the Content 113. Only the End-User PlayerApplication 195 that is knowledgeable of the embedding algorithm and theassociated scrambling key is able to read or modify the embedded data.The data is invisible or inaudible to a human observer; that is, thedata introduces no perceivable degradation to the Content 113. Since thewatermark survives several steps of content processing, datacompression, D-to-A and A-to-D conversion, and signal degradationintroduced by normal content handling, the watermark stays with theContent 113 in any representation form, including analog representation.In an alternate embodiment, instead of using a License Watermark 527 toembed the copy/play code within the Content 113, the End-User PlayerApplication 195 uses securely stored Usage Conditions 519.

[0203] 3. Content Identification Layer 503

[0204] As part of the Content Identification Layer 503, the ContentProvider(s) 101 also uses a License Watermark 527 to embed data in theContent 113 such as to the content identifier, content owner and otherinformation, such as publication date and geographic distributionregion. This watermark is referred to here as the Copyright Watermark529. Upon reception, the End-User Device(s) 109 watermarks the copy ofthe Content 113 with the content purchaser's name and the Transaction ID535 (see the License Control Layer 501 section below), and with otherinformation such as date of license and Usage Conditions 517. Thiswatermark is referred to here as the license watermark. Any copy ofContent 113, obtained in an authorized manner or not, and subject toaudio processing that preserves the content quality, carries thecopyright and license watermarks. The Content Identification Layer 503deters piracy.

[0205] 4. License Control Layer 501

[0206] The License Control Layer 501 protects the Content 113 againstunauthorized interception and ensures that the Content is only releasedon an individual basis to an End-User(s) that has properly licensedEnd-User Device(s) 109 and successfully completes a license purchasetransaction with an authorized Electronic Digital Content Store(s) 103.The License Control Layer 501 protects the Content 113 by doubleEncryption 531. The Content 113 is encrypted using an encryptionsymmetric key generated by the Content Provider(s) 101, and thesymmetric key is encrypted using the public key 621 of theClearinghouse(s). Only the Clearinghouse(s) 1 05 can initially recoverthe symmetric key.

[0207] License control is designed with the Clearinghouse(s) 105 as the“trusted party”. Before releasing permission for the License Request537, (i.e. the Symmetric Key 623 for the Content 113 to an End-UserDevice(s) 109), the Clearinghouse(s) 105 verifies that the Transaction541 and the License Authorization 543 are complete and authentic, thatthe Electronic Digital Content Store(s) 103 has authorization from theSecure Digital Content Electronic Distribution System 100 for the saleof electronic Content 113, and that the End-User(s) has a properlylicensed application. Audit/Reporting 545 allows the generation ofreports and the sharing of licensing transaction information with otherauthorized parties in the Secure Electronic Digital Content DistributionSystem 100.

[0208] License control is implemented through SC Processing 533. SC(s)are used to distribute encrypted Content 113 and information among thesystem operation components (more about the SC(s) detailed structuresections below). A SC is cryptographic carrier of information that usescryptographic encryption, digital signatures and digital certificates toprovide protection against unauthorized interception and modification ofthe electronic information or Content 113. It also allows for theauthenticity verification of the electronic data.

[0209] License control requires that the Content Provider(s) 101, theElectronic Digital Content Store(s) 103, and the Clearinghouse(s) 105have bona-fide cryptographic digital certificates from reputableCertificate Authorities that are used to authenticate those components.The End-User Device(s) 109 are not required to have digitalcertificates.

[0210] C. Content Distribution and Licensing Control

[0211]FIG. 6 is a block diagram illustrating an overview of the ContentDistribution and Licensing Control as it applies to the License ControlLayer of FIG. 5. The figure depicts the case in which the ElectronicDigital Content Store(s) 103, End-User Device(s) 109 and theClearinghouse(s) 105 are interconnected via the Internet, and unicast(point-to-point) transmission is used among those components. Thecommunication between the Content Provider(s) 101 and the ElectronicDigital Content Store(s) 103 could also be over the Internet or othernetwork. It is assumed that the Content-purchase commercial transactionbetween the End-User Device(s) 109 and the Electronic Digital ContentStore(s) 103 is based on standard Internet Web protocols. As part of theWeb-based interaction, the End-User(s) makes the selection of theContent 113 to purchase, provides personal and financial information,and agrees to the conditions of purchase. The Electronic Digital ContentStore(s) 103 could obtain payment authorization from an acquirerinstitution using a protocol such as SET.

[0212] It is also assumed in FIG. 6 that the Electronic Digital ContentStore(s) 103 has downloaded the End-User Player Application 195 to anEnd-User Device(s) 109 based on standard Web protocols. The architecturerequires that the Electronic Digital Content Store(s) 103 assigns aunique application ID to the downloaded Player Application 195 and thatthe End-User Device(s) 109 stores it for later application licenseverification (see below).

[0213] The overall licensing flow starts at the Content Provider(s) 101.The Content Provider(s) 101 encrypts the Content 113 using an encryptionsymmetric key locally generated, and encrypts the Symmetric Key 623using the Clearing house's 105 public key 621. In an alternateembodiment, the symmetric key instead of being locally generated my besent to the Content Provider(s) 101 from the Clearinghouse(s) 105. TheContent Provider(s) 101 creates a Content SC(s) 630 around the encryptedContent 113, and a Metadata SC(s) 620 around the encrypted Symmetric Key623, Store Usage Conditions 519, and other Content 113 associatedinformation. There is one Metadata SC(s) 620 and one Content SC(s) 630for every Content 113 object. The Content 113 object maybe a compressionlevel one same song or the Content 113 object maybe each song on thealbum or the Content 113 object may be the entire album. For eachContent 113 object, the Metadata SC(s) 620 also carries the Store UsageConditions 519 associated with the Content Usage Control Layer 505.

[0214] The Content Provider(s) 101 distributes the Metadata SC(s) 620 toone or more Electronic Digital Content Store(s) 103 (step 601) and theContent SC(s) 630 to one or more Content Hosting Sites (step 602). EachElectronic Digital Content Store(s) 103, in turn creates an Offer SC(s)641. The Offer SC(s) 641 typically carries much of the same informationas the Metadata SC(s) 620, including the Digital Signature 624 of theContent Provider(s) 101 and the Certificate (not shown of the ContentProvider(s) 101. As mentioned above, the Electronic Digital ContentStore(s) 103 can add to or narrow the Store Usage Conditions 519(handled by the Control Usage Control Layer) initially defined by theContent Provider(s) 101. Optionally, the Content SC(s) 630 and/or theMetadata SC(s) 620 is signed with a Digital Signature 624 of the ContentProvider(s) 101.

[0215] After the completion of the Content-purchase transaction betweenthe End-User Device(s) 109 and the Electronic Digital Content Store(s)103 (step 603), the Electronic Digital Content Store(s) 103 creates andtransfers to the End-User Device(s) 109 a Transaction SC(s) 640 (step604). The Transaction SC(s) 640 includes a unique Transaction ID 535,the purchaser's name(i.e. End-User(s)') (not shown), the Public Key 661of the End-User Device(s) 109, and the Offer SC(s) 641 associated withthe purchased Content 113. Transaction Data 642 in FIG. 6 representsboth the Transaction ID 535 and the End-User(s) name (not shown). TheTransaction Data 642 is encrypted with the Public Key 621 of theClearinghouse(s) 105. Optionally, the Transaction SC(s) 640 is signedwith a Digital Signature 643 of the Electronic Digital Content Store(s)103.

[0216] Upon reception of the Transaction SC(s) 640 (and the Offer SC(s)641 included in it), the End-User Player Application 195 running onEnd-User Device(s) 109 solicits license authorization from theClearinghouse(s) 105 by means of an Order SC(s) 650 (step 605). TheOrder SC(s) 650 includes the encrypted Symmetric Key 623 and Store UsageConditions 519 from the Offer SC(s) 641, the encrypted Transaction Data642 from the Transaction SC(s) 640, and the encrypted Application ID 551from the End-User Device(s) 109. In another embodiment, the Order SC(s)650 is signed with a Digital Signature 652 of the End-User Device(s)109.

[0217] Upon reception of the Order SC(s) 650 from the End-User Device(s)109, the Clearinghouse(s) 105 verifies:

[0218] 1. that the Electronic Digital Content Store(s) 103 hasauthorization from the Secure Digital Content Electronic DistributionSystem 100 (exists in the Database 160 of the Clearinghouse(s) 105);

[0219] 2. that the Order SC(s) 650 has not been altered;

[0220] 3. that the Transaction Data 642 and Symmetric Key 623 arecomplete and authentic;

[0221] 4. that the electronic Store Usage Conditions 519 purchased bythe End-User Device(s) 109 are consistent with those Usage Conditions517 set by the Content Provider(s) 101; and

[0222] 5. that the Application ID 551 has a valid structure and that itwas provided by an authorized Electronic Digital Content Store(s) 103.

[0223] If the verifications are successful, the Clearinghouse(s) 105decrypts the Symmetric Key 623 and the Transaction Data 642 and buildsand transfers the License SC(s) 660 to the End-User Device(s) 109 (step606). The License SC(s) 660 carries the Symmetric Key 623 and theTransaction Data 642, both encrypted using the Public Key 661 of theEnd-User Device(s) 109. If any verification is not successful, theClearinghouse(s) 105 denies the license to the End-User Device(s) 109and informs the End-User Device(s) 109. The Clearinghouse(s) 105 alsoimmediately informs the Electronic Digital Content Store(s) 103 of thisverification failure. In an alternate embodiment, the Clearinghouse(s)105 signs the License SC(s) 660 with its Digital Signature 663.

[0224] After receiving the License SC(s) 660, the End-User Device(s) 109decrypts the Symmetric Key 623 and the Transaction Data 642 previouslyreceived from the Clearinghouse(s) 105 and requests the Content SC(s)630 (step 607) from a Content Hosting Site(s) 111. Upon arrival of theContent SC(s) 630 (step 608), the End-User Device(s) 109 decrypts theContent 113 using the Symmetric Key 623 (step 609), and passes theContent 113 and the Transaction Data 642 to the other layers for licensewatermarking, copy/play coding, scrambling, and further Content 113processing as described previously for FIG. 5.

[0225] Finally, the Clearinghouse(s) 105 on a periodic basis transmitssummary transaction reports to the Content Provider(s) 101 and theElectronic Digital Content Store(s) 103 for auditing and trackingpurposes (step 610).

[0226] V. Secure Container Structure

[0227] A. General Structure

[0228] A Secure Container (SC) is a structure that consists of severalparts which together define a unit of Content 113 or a portion of atransaction, and which also define related information such as UsageConditions, metadata, and encryption methods. SC(s) are designed in sucha way that the integrity, completeness, and authenticity of theinformation can be verified. Some of the information in SC(s) may beencrypted so that it can only be accessed after proper authorization hasbeen obtained.

[0229] SC(s) include at least one bill of materials (BOM) part which hasrecords of information about the SC(s) and about each of the partsincluded in the SC(s). A message digest is calculated, using a hashingalgorithm such as MD-5, for each part and then included in the BOMrecord for the part. The digests of the parts are concatenated togetherand another digest is computed from them and then encrypted using theprivate key of the entity creating the SC(s) to create a digitalsignature. Parties receiving the SC(s) can use the digital signature toverify all of the digests and thus validate the integrity andcompleteness of the SC(s) and all of its parts.

[0230] The following information maybe included as records in the BOMalong with the records for each part. The SC(s) type determines whichrecords need to be included:

[0231] SC(s) version

[0232] SC(s) ID

[0233] Type of SC(s) (e.g. Offer, Order, Transaction, Content, Metadataor promotional and License.)

[0234] Publisher of the SC(s)

[0235] Date that the SC(s) was created

[0236] Expiration date of the SC(s)

[0237] Clearinghouse(s) URL

[0238] Description of the digest algorithm used for the included parts(default is MD-5)

[0239] Description of the algorithm used for the digital signatureencryption (default is RSA)

[0240] Digital signature (encrypted digest of all of the concatenateddigests of the included parts)

[0241] SC(s) may include more than one BOM. For example, an Offer SC(s)641 consists of the original Metadata SC(s) 620 parts, including itsBOM, as well as additional information added by the Electronic DigitalContent Store(s) 103 and a new BOM. A record for the Metadata SC(s) 620BOM is included in the Offer SC(s) 641 BOM. This record includes adigest for the Metadata SC(s) 620 BOM which can be used to validate itsintegrity and therefore, the integrity of the parts included from theMetadata SC(s) 620 can also be validated using the part digest valuesstored in Metadata SC(s) 620 BOM. None of the parts from the MetadataSC(s) 620 have records in the new BOM that was created for the OfferSC(s) 641. Only parts added by the Electronic Digital Content Store(s)103 and the Metadata SC(s) 620 BOM have records in the new BOM.

[0242] SC(s) may also include a Key Description part. Key Descriptionparts include records that contain the following information aboutencrypted parts in the SC(s):

[0243] The name of the encrypted part.

[0244] The name to use for the part when it is decrypted.

[0245] The encryption algorithm used to encrypt the part.

[0246] Either a Key Identifier to indicate the public encryption keythat was used to encrypt the part or an encrypted symmetric key that,when decrypted, is used to decrypt the encrypted part.

[0247] The encryption algorithm used to encrypt the symmetric key. Thisfield is only present when the record in the Key Description partincludes an encrypted symmetric key that was used to encrypt theencrypted part.

[0248] A Key Identifier of the public encryption key that was used toencrypt the symmetric key. This field is only present when the record inthe Key Description part includes an encrypted symmetric key and theencryption algorithm identifier of the symmetric key that was used toencrypt the encrypted part.

[0249] If the SC(s) does not contain any encrypted parts, then there isno Key Description part.

[0250] B. Rights Management Language Syntax and Semantics

[0251] The Rights Management Language consists of parameters that can beassigned values to define restrictions on the use of the Content 113 byan End-User(s) after the Content 113 purchase. The restrictions on theuse of the Content 113 is the Usage Conditions 517. Each ContentProvider(s) 101 specifies the Usage Conditions 517 for each of itsContent 113 items. Electronic Digital Content Store(s) 103 interpret theUsage Conditions 517 in Metadata SC(s) 620 and use the information toprovide select options they wish to offer their customers as well as addretail purchase information for the Content 113. After an End-User(s)has selected a Content 113 item for purchase, the End-User Device(s) 109requests authorization for the Content 113 based on Store UsageConditions 519. Before the Clearinghouse(s) 105 sends a License SC(s)660 to the End-User(s), the Clearinghouse(s) 105 verifies that the StoreUsage Conditions 519 being requested are in agreement with the allowableUsage Conditions 517 that were specified by the Content Provider(s) 101in the Metadata SC(s) 620.

[0252] When an End-User Device(s) 109 receives the Content 113 that waspurchased, the Store Usage Conditions 519 are encoded into that Content113 using the Watermarking Tool or encoded in the securely stored UsageConditions 519. The End-User Player Application 195 running on End-UserDevice(s) 109 insures that the Store Usage Conditions 519 that wereencoded into the Content 113 are enforced.

[0253] The following are examples of Store Usage Conditions 519 for anembodiment where the Content 113 is music:

[0254] Song is recordable.

[0255] Song can be played n number of times.

[0256] C. Overview of Secure Container Flow and Processing

[0257] Metadata SC(s) 620 are built by Content Provider(s) 101 and areused to define Content 113 items such as songs. The Content 113 itselfis not included in these SC(s) because the size of the Content 113 istypically too large for Electronic Digital Content Store(s) 103 andEnd-User(s) to efficiently download the containers just for the purposeof accessing the descriptive metadata. Instead, the SC(s) includes anexternal URL (Uniform Resource Locators) to point to the Content 113.The SC(s) also includes metadata that provides descriptive informationabout the Content 113 and any other associated data, such as for music,the CD cover art and/or digital audio clips in the case of song Content113.

[0258] Electronic Digital Content Store(s) 103 download the MetadataSC(s) 620, for which they are authorized, and build Offer SC(s) 641. Inshort, an Offer SC(s) 641 consists of some of the parts and the BOM fromthe Metadata SC(s) 620 along with additional information included by theElectronic Digital Content Store(s) 103. A new BOM for the Offer SC(s)641 is created when the Offer SC(s) 641 is built. Electronic DigitalContent Store(s) 103 also use the Metadata SC(s) 620 by extractingmetadata information from them to build HTML pages on their web sitesthat present descriptions of Content 113 to End-User(s), usually so theycan purchase the Content 113.

[0259] The information in the Offer SC(s) 641 that is added by theElectronic Digital Content Store(s) 103 is typically to narrow theselection of Usage Conditions 517 that are specified in the MetadataSC(s) 620 and promotional data such as a graphic image file of thestore's logo and a URL to the store's web site. An Offer SC(s) 641template in the Metadata SC(s) 620 indicates which information can beoverridden by the Electronic Digital Content Store(s) 103 in the OfferSC(s) 641 and what, if any, additional information is required by theElectronic Digital Content Store(s) 103 and what parts are retained inthe embedded Metadata SC(s) 620.

[0260] Offer SC(s) 641 are included in a Transaction SC(s) 640 when anEnd-User(s) decides to purchase Content 113 from an Electronic DigitalContent Store(s) 103. The Electronic Digital Content Store(s) 103 buildsa Transaction SC(s) 640 and includes Offer SC(s) 641 for each Content113 item being purchased and transmits it to the End-User Device(s) 109.The End-User Device(s) 109 receives the Transaction SC(s) 640 andvalidates the integrity of the Transaction SC(s) 640 and the includedOffer SC(s) 641.

[0261] An Order SC(s) 650 is built by the End-User Device(s) 109 foreach Content 113 item being purchased. Information is included from theOffer SC(s) 641, from the Transaction SC(s) 640, and from theconfiguration files of the End-User Device(s) 109. Order SC(s) 650 aresent to the Clearinghouse(s) 105 one at a time. The Clearinghouse(s) 105URL where the Order SC(s) 650 is included as one of the records in theBOM for the Metadata SC(s) 620 and included again in the Offer SC(s)641.

[0262] The Clearinghouse(s) 105 validates and processes Order SC(s) 650to provide the End-User Device(s) 109 with everything that is requiredto a License Watermark 527 and access purchased Content 113. One of thefunctions of the Clearinghouse(s) 105 is to decrypt the Symmetric Keys623 that are needed to decrypt the watermarking instructions from theOffer SC(s) 641 and the Content 113 from the Content SC(s) 630. Anencrypted Symmetric Key 623 record actually contains more than theactual encrypted Symmetric Key 623. Before executing the encryption, theContent Provider(s) 101 may optionally append its name to the actualSymmetric Key 623. Having the Content Provider(s)' 101 name encryptedtogether with the Symmetric Key 623 provides security against a pirateContent Provider(s) 101 that has built its own Metadata SC(s) 620 andContent SC(s) 630 from legal SC(s). The Clearinghouse(s) 105 verifiesthat the name of the Content Provider(s) 101 encrypted together with theSymmetric Keys 623 matches the name of the Content Provider(s) 101 inthe SC(s) certificate.

[0263] If there are any changes required to be made to the watermarkinginstructions by the Clearinghouse(s) 105, then the Clearinghouse(s) 105decrypts the Symmetric Key 623 and then modifies the watermarkinginstructions and encrypts them again using anew Symmetric Key 623. TheSymmetric Key 623 is then re-encrypted using the Public Key 661 of theEnd-User Device(s) 109. The Clearinghouse(s) 105 also decrypts the otherSymmetric Keys 623 in the SC(s) and encrypts them again with the PublicKey 661 of the End-User Device(s) 109. The Clearinghouse(s) 105 builds aLicense SC(s) 660 that includes the newly encrypted Symmetric Keys 623and updated watermarking instructions and sends it to the End-UserDevice(s) 109 in response to the Order SC(s) 650. If the processing ofthe Order SC(s) 650 does not complete successfully, then theClearinghouse(s) 105 returns to the End-User Device(s) 109 an HTML pageor equivalent reporting the failure of the authorization process.

[0264] A License SC(s) 660 provides an End-User Device(s) 109 witheverything that is needed to access a Content 113 item. The End-UserDevice(s) 109 requests the appropriate Content SC(s) 630 from theContent Hosting Site(s) 111. Content SC(s) 630 are built by ContentProvider(s) 101 and include encrypted Content 113 and metadata parts.The End-User Player Application 195 uses the Symmetric Keys 623 from theLicense SC(s) 660 to decrypt the Content 113, metadata, and watermarkinginstructions. The watermarking instructions are then affixed into theContent 113 and the Content 113 is scrambled and stored on the End-UserDevice(s) 109.

[0265] D. Metadata Secure Container 620 Format

[0266] The following table shows the parts that are included in aMetadata SC(s) 620. Each box in the Parts column is a separate objectincluded in the SC(s) along with the BOM (with the exception of partnames that are surrounded by [ ] characters). The BOM contains a recordfor each part included in the SC(s). The Part Exists column indicateswhether the part itself is actually included in the SC(s) and the Digestcolumn indicates whether a message digest is computed for the part. Someparts may not be propagated when a SC(s) is included in other SC(s) (asdetermined by the associated template), although the entire original BOMis propagated. This is done because the entire BOM is required by theClearinghouse(s) 105 to verify the digital signature in the originalSC(s).

[0267] The Key Description Part columns of the following table definethe records that are included in the Key Description part of the SC(s).Records in the Key Description part define information about theencryption keys and algorithms that were used to encrypt parts withinthe SC(s) or parts within another SC(s). Each record includes theencrypted part name and, if necessary, a URL that points to anotherSC(s) that includes the encrypted part. The Result Name column definesthe name that is assigned to the part after it is decrypted. The EncryptAlg column defines the encryption algorithm that was used to encrypt thepart. The Key Id/Enc Key column defines either an identification of theencryption key that was used to encrypt the part or a base64 encoding ofthe encrypted Symmetric Key 623 bit string that was used to encrypt thepart. The Sym Key Alg column is an optional parameter that defines theencryption algorithm that was used to encrypt the Symmetric Key 623 whenthe previous column is an encrypted Symmetric Key 623. The Sym Key IDcolumn is an identification of the encryption key that was used toencrypt the Symmetric Key 623 when the Key Id/Enc Key column is anencrypted Symmetric Key 623. BOM Key Description Part Parts Part ExistsDigest Result Name Encrypt Alg Key Id/Enc Key Sym Key Alg Sym Key ID[Content URL] Output Part RC4 Enc Sym Key RSA CH Pub Key [Metadata URL]Output Part RC4 Enc Sym Key RSA CH Pub Key SC Version SC ID SC Type SCPublisher Date Expiration Date Clearinghouse(s) URL Digeat Algorithm IDDigital Signature Alg ID Content ID Yes Yes Metadata Yes Yes Usageconditions Yes Yes SC Templates Yes Yes Watermarking Intructions Yes YesOutput Part RC4 Enc Sym Key RSA CH Pub Key Key Description Part Yes YesClearinghouse(s) Certificate(s) Yes No Certificate(s) Yes No DigitalSignature

[0268] The following describes the terms that are used in the aboveMetadata SC(s) table:

[0269] [Content URL]—A parameter in a record in the Key Descriptionpart. This is a URL that points to the encrypted Content 113 in theContent SC(s) 630 that is associated with this Metadata SC(s) 620. TheMetadata SC(s) 620 itself does not contain the encrypted Content 113.

[0270] [Metadata URL]—A parameter in a record in the Key Descriptionpart. This is a URL that points to the encrypted metadata in the ContentSC(s) 630 that is associated with this Metadata SC(s) 620. The MetadataSC(s) 620 itself does not contain the encrypted metadata.

[0271] Content ID—A part that defines a unique ID assigned to a Content113 item. There is more than one Content ID included in this part if theMetadata SC(s) 620 references more than one Content 113 item.

[0272] Metadata—Parts that contain information related to a Content 113item such as the artist name and CD cover art in the case of a song.There may be multiple metadata parts, some of which maybe encrypted. Theinternal structure of the metadata parts is dependent on the type ofmetadata contained therein.

[0273] Usage Conditions—A part that contains information that describesusage options, rules, and restrictions to be imposed on an End-User(s)for use of the Content 113.

[0274] SC(s) Templates—Parts that define templates that describe therequired and optional information for building the Offer, Order, andLicense SC(s) 660.

[0275] Watermarking Instructions—A part that contains the encryptedinstructions and parameters for implementing watermarking in the Content113. The watermarking instructions may be modified by theClearinghouse(s) 105 and returned back to the End-User Device(s) 109within the License SC(s) 660. There is a record in the Key Descriptionpart that defines the encryption algorithm that was used to encrypt thewatermarking instructions, the output part name to use when thewatermarking instructions are decrypted, a base64 encoding of theencrypted Symmetric Key 623 bit string that is was used to encrypt thewatermarking instructions, the encryption algorithm that was used toencrypt the Symmetric Key 623, and the identification of the public keythat is required to decrypt the Symmetric Key 623.

[0276] Clearinghouse(s) Certificate(s)—A certificate from acertification authority or from the Clearinghouse(s) 105 that containsthe signed Public Key 621 of the Clearinghouse(s) 105. There may be morethan one certificate, in which case a hierarchical level structure isused with the highest level certificate containing the public key toopen the next lowest level certificate is reached which contains thePublic Key 621 of the Clearinghouse(s) 105.

[0277] Certificate(s)—A certificate from a certification authority orfrom the Clearinghouse(s) 105 that contains the signed Public Key 621 ofthe entity that created the SC(s). There maybe more than onecertificate, in which case a hierarchical level structure is used withthe highest level certificate containing the public key to open the nextlevel certificate, and so on, until the lowest level certificate isreached which contains the public key of the SC(s) creator.

[0278] SC Version—A version number assigned to the SC(s) by the SCPacker Tool.

[0279] SC ID—A unique ID assigned to the SC(s) by the entity thatcreated the SC(s).

[0280] SC Type—Indicates the type of SC(s) (e.g. Metadata, Offer, Order,etc.)

[0281] SC Publisher—Indicates the entity that created the SC(s).

[0282] Creation Date—Date that the SC(s) was created.

[0283] Expiration Date—Date the SC(s) expires and is no longer valid.

[0284] Clearinghouse(s) URL—Address of the Clearinghouse(s) 105 that theEnd-User Player Application 195 should interact with to obtain theproper authorization to access the Content 113.

[0285] Digest Algorithm ID—An identifier of the algorithm used tocompute the digests of the parts.

[0286] Digital Signature Alg ID—An identifier of the algorithm used toencrypt the digest of the concatenated part digests. This encryptedvalue is the digital signature.

[0287] Digital Signature—A digest of the concatenated part digestsencrypted with the public key of the entity that created the SC(s).

[0288] Output Part—The name to assign to the output part when anencrypted part is decrypted.

[0289] RSA and RC4—Default encryption algorithms used to encrypt theSymmetric Keys 623 and data parts.

[0290] Enc Sym Key—A base64 encoding of an encrypted key bitstring that,when decrypted, is used to decrypt a SC(s) part.

[0291] CH Pub Key—An identifier that indicates that the Clearinghouse's105 Public Key 621 was used to encrypt the data.

[0292] E. Offer Secure Container 641 Format

[0293] The following table shows the parts that are included in theOffer S C(s) 641. The parts, with the exception of some of the metadataparts, and BOM from the Metadata SC(s) 620 are also included in theOffer SC(s) 641. BOM Key Description Part Parts Part Exists DigestResult Name Encrypt Alg Key Id/Enc Key Sym Key Alg Sym Key ID MetadataSC Parts [Content URL] Output Part RC4 Enc Sym Key ESA CE Pub Key[Metadata URL] Output Part RC4 Enc Sym Key RSA CH Pub Key SC Version SCID SC Type SC Publisher Date Expiration Date Clearinghouse(s) URL DigestAlgorithms ID Digital Signature Mg ID Content ID Yes Yes Metadata SomeYes Usage Conditions Yes Yes SC Templates Yes Yes WatermarkingInstructions Yes Yes Output Part RCA Enc Sym Key RSA CH Pub Key KeyDescription Part Yes Yes Clearinghouse(s) Certificate(s) Yes NoCertificate(s) Yes No Digital Signature Offer SC Parts SC Version SC IDSC Type SC Publisher Date Expiration Date Digest Algorithms ID DigitalSignature Mg ID Metadata SC BOM Yes Yes Additional and Overridden YesYes Electronic Digital Content Yes No Store(s) CertificateCertificate(s) Yes No Digital Signature

[0294] The following describes the terms that are used in the aboveOffer SC(s) 641 that were not previously described for another SC(s):

[0295] Metadata SC(s) BOM—The BOM from the original Metadata SC(s) 620.The record in the Offer SC(s) 641 BOM includes the digest of theMetadata SC(s) 620 BOM.

[0296] Additional and Overridden Fields—Usage conditions informationthat was overridden by the Electronic Digital Content Store(s) 103. Thisinformation is validated by the Clearinghouse(s) 105, by means of thereceived SC(s) templates, to make sure that anything that the ElectronicDigital Content Store(s) 103 overrides is within the scope of itsauthorization.

[0297] Electronic Digital Content Store(s) Certificate—A certificateprovided to the Electronic Digital Content Store(s) 103 by theClearinghouse(s) 105 and signed by the Clearinghouse(s) 105 using itsprivate key. This certificate is used by the End-User Player Application195 to verify that the Electronic Digital Content Store(s) 103 is avalid distributor of Content 113. The End-User Player Application 195and Clearinghouse(s) 105 can verify that the Electronic Digital ContentStore(s) 103 is an authorized distributor by decrypting thecertificate's signature with the Clearinghouse's 105 Public Key 621. TheEnd-User Player Application 195 keeps a local copy of theClearinghouse's 105 Public Key 621 that it receives as part of itsinitialization during installation.

[0298] F. Transaction Secure Container 640 Format

[0299] The following table shows the parts that are included in theTransaction SC(s) 640 as well as its BOM and Key Description parts. BOMKey Description Part Parts Part Exists Digest Result Name Encrypt AlgKey Id/Enc Key Sym Key Alg Sym Key ID SC Version SC ID SC Type SCPublisher Date Expiration Date Digest Algorithm ID Digital Signature AlgID Transaction ID Yes Yes Output Part RSA CH Pub Key End-User(s) ID YesYes Output Part RSA CH Pub Key End-User(s)' Public Key Yes Yes OfferSC(s) Yes Yes Selections of Content Use Yes Yes HTML to Display Yes YesKey Description Part Yes Yes Electronic Digital Content Yes No Store(s)Certificate Digital Signature

[0300] The following describes the terms that are used in the aboveTransaction SC(s) 640 that were not previously described for anotherSC(s):

[0301] Transaction ID 535—An ID assigned by the Electronic DigitalContent Store(s) 103 to uniquely identify the transaction.

[0302] End-User(s) ID—An identification of the End-User(s) obtained bythe Electronic Digital Content Store(s) 103 at the time the End-User(s)makes the buying selection and provides the credit card information.

[0303] End-User(s)' Public Key—The End-User(s)' Public Key 661 that isused by the Clearinghouse(s) 105 to re-encrypt the Symmetric Keys 623.The End-User(s)' Public Key 661 is transmitted to the Electronic DigitalContent Store(s) 103 during the purchase transaction.

[0304] Offer SC(s)—Offer SC(s) 641 for the Content 113 items that werepurchased.

[0305] Selections of Content Use—An array of Usage Conditions for eachContent 113 item being purchased by the End-User(s). There is an entryfor each Offer SC(s) 641.

[0306] HTML to Display—One or more HTML pages that the End-User PlayerApplication 195 displays in the Internet browser window upon receipt ofthe Transaction SC(s) 640 or during the interaction between the End-UserDevice(s) 109 and the Clearinghouse(s) 105.

[0307] When the End-User Device(s) 109 receives a Transaction SC(s) 640,the following steps may be performed to verify the integrity andauthenticity of the SC(s):

[0308] 1. Verify the integrity of the Electronic Digital ContentStore(s) 103 certificate using the Public Key 621 of theClearinghouse(s) 105. The Public Key 621 of the Clearinghouse(s) 105 wasstored at the End-User Device(s) 109 after it was received as part ofthe initialization of the End-User Player Application 195 during itsinstallation process.

[0309] 2. Verify the Digital Signature 643 of the SC(s) using the publickey from the Electronic Digital Content Store(s) 103 certificate.

[0310] 3. Verify the hashes of the SC(s) parts.

[0311] 4. Verify the integrity and authenticity of each Offer SC(s) 641included in the Transaction SC(s) 640.

[0312] G. Order Secure Container 650 Format

[0313] The following table shows the parts that are included in theOrder SC(s) 650 as well as its BOM and Key Description parts. Theseparts either provide information to the Clearinghouse(s) 105 fordecryption and verification purposes or is validated by theClearinghouse(s) 105. The parts and BOM from the Offer SC(s) 641 arealso included in the Order SC(s) 650. The Some string in the Part Existscolumn of the Metadata SC(s) BOM indicates that the some of those partsare not included in the Order SC(s) 650. The BOM from the Metadata SC(s)620 is also included without any change so that the Clearinghouse(s) 105can validate the integrity of the Metadata SC(s) 620 and its parts. BOMKey Description Part Parts Part Exists Digest Result Name Encrypt AlgKey Id/Enc Key Sym Key Alg Sym Key ID Metadata SC(s) Parts [Content URL]Output Part RC4 Enc Sym Key RSA CH Pub Key [Metadata URL] Output PartRC4 Enc Sym Key RSA CH Pub Key SC(s) Version SC(S) ID SC(s) Type SC(s)Publisher Date Expiration Date Clearinghouse(s) URL Digest Algorithm IDDigital Signature Alg ID Content ID Yes Yes Metadata Some Yes UsageConditions Yes Yes SC(s) Templates Yes Yes Watermarking Instructions YesYes Output Part RC4 Enc Sym Key RSA CH Pub Key Key Description Part YesYes Clearinghouse(s) Certificate(s) Yes No Certificate(s) Yes No DigitalSignature Offer SC(s) Parts SC(s) Version SC(s) ID SC(s) Type SC(s)Publisher Date Expiration Date Digest Algorithm ID Digital Signature AlgID Metadata SC(s) BOM Yes Yes Additional and Overridden Yes Yes FieldsElectronic Digital Content Yes No Store(s) Certificate Certificate(s)Yes No Digital Signature Transactson SC(s) Parts SC(s) Version SC(s) IDSC(s) Type SC(s) Publisher Date Expiration Date Digest Algorithm IDDigital Signature Alg ID Transaction ID Yes Yes Output Part RSA CH PubKey End-User(s) ID Yes Yes Output Part RSA CH Pub Key End-User(s)'Public Key Yes Yes Offer SC(s) One Offer Yes SC(s) Selections of ContentUse Yes Yes HTML to Display us Browser Yes Yes Wdw Key Description PartYes Yes Electronic Digital Content Yes No Store(s) Certificate DigitalSignature Order SC(s) Parts SC(s) Version SC(s) ID SC(s) Type SC(s)Publisher Date Expiration Date Digest Algorithm ID Digital Signature MgID Offer SC(s) BOM Yes Yes Transaction SC(s) BOM Yes Yes EncryptedCredit Card Info Yes Ye Output Part RSA CH Pub Key Key Description PartYes Yes Digital Signature

[0314] The following describes the terms that are used in the aboveOrder SC(s) 650 that were not previously described for another SC(s):

[0315] Transaction SC(s) BOM—The BOM in the original Transaction SC(s)640. The record in the Order SC(s) 650 BOM includes the digest of theTransaction SC(s) 640 BOM.

[0316] Encrypted Credit Card Info.—Optional encrypted information fromthe End-User(s) that is used to charge the purchase to a credit card ordebit card. This information is required when the Electronic DigitalContent Store(s) 103 that created the Offer SC(s) 641 does not handlethe customer billing, in which case the Clearinghouse(s) 105 may handlethe billing.

[0317] H. License Secure Container 660 Format

[0318] The following table shows the parts that are included in theLicense SC(s) 660 as well as its BOM. As shown in the Key Descriptionpart, the Symmetric Keys 623 that are required for decrypting thewatermarking instructions, Content 113, and Content 113 metadata havebeen re-encrypted by the Clearinghouse(s) 105 using the End-User(s)'Public Key 661. When the End-User Device(s) 109 receives the LicenseSC(s) 660 it decrypts the Symmetric Keys 623 and use them to access theencrypted parts from the License SC(s) 660 and the Content SC(s) 630.BOM Key Description Part Parts Part Exists Digest Result Name EncryptAlg Key Id/Enc Key Sym Key Alg Sym Key ID [Content URL] Output Part RC4Enc Sym Key RSA EU Pub Key [Metadata URL] Output Part RC4 Enc Sym KeyRSA EU Pub Key SC(s) Version SC(s) ID SC(s) Type SC(s) Publisher DateExpiration Date Digest Algorithm ID Digital Signature Alg ID Content IDYes Yes Usage Conditions Yes Yes Transaction Data Yes Yes WatermarkingInstructions Yes Yes Output Part RC4 Enc Sym Key RSA EU Pub Key KeyDescription Part Yes Yes Certificate(s) Yes No Digital Signature

[0319] The following describes the terms that are used in the aboveLicense SC(s) 660 that were not previously described for another SC(s):

[0320] EU Pub Key—An identifier that indicates that the End-User(s)'Public Key 661 was used to encrypt the data.

[0321] Order SC(s) 650 ID—The SC(s) ID taken from the Order SC(s) 650BOM.

[0322] Certificate Revocation List—An optional list of certificate IDswhich were previously issued and signed by the Clearinghouse(s) 105, butare no longer considered to be valid. Any SC(s) that have a signaturewhich can be verified by a certificate that is included in therevocation list are invalid SC(s). The End-User Player Application 195stores a copy of the Clearinghouse's 105 certificate revocation list onthe End-User Device(s) 109. Whenever a revocation list is received, theEnd-User Player Application 195 replaces its local copy if the new oneis more up to date. Revocation lists includes a version number or a timestamp (or both) in order to determine which list is the most recent.

[0323] I. Content Secure Container Format

[0324] The following table shows the parts that are included in theContent SC(s) 630 as well as the BOM: BOM Parts Part Exists Digest SC(s)Version SC(s) ID SC(S) Type SC(s) Publisher Date Expiration DateClearinghouse(s) 105 URL Digest Algorithm ID Digital Signature Alg IDContent ID Yes Yes Encrypted Content Yes Yes Encrypted Metadata Yes YesMetadata Yes Yes Certificate(s) Yes No Digital Signature

[0325] The following describes the terms used in the above Content SC(s)630 that were not previously described for another SC(s):

[0326] Encrypted Content—Content 113 that was encrypted by a ContentProvider(s) 101 using a Symmetric Key 623.

[0327] Encrypted Metadata—Metadata associated with the Content 113 thatwas encrypted by a Content Provider(s) 101 using a Symmetric Key 623.

[0328] There is no Key Description part included in the Content SC(s)630 since the keys required to decrypt the encrypted parts are in theLicense SC(s) 660 that is built at the Clearinghouse(s) 105.

[0329] VI. Secure Container Packing and Unpacking

[0330] A. Overview

[0331] The SC(s) Packer is a 32-bit Windows' program with an API(Application Programming Interface) that can be called in either amultiple or single step process to create a SC(s) with all of thespecified parts. The SC(s) Packer 151,152,153 variety of hardwareplatforms supporting Windows' program at the Content Provider(s) 101,Clearinghouse(s) 105, Electronic Digital Content Store(s) 103 and othersites requiring SC(s) Packing. A BOM and, if necessary, a KeyDescription part a recreated and included in the SC(s). A set of packerAPIs allows the caller to specify the information required to generatethe records in the BOM and Key Description parts and to include parts inthe SC(s). Encryption of parts and Symmetric Keys 623 as well ascomputing the digests and the digital signature is also be performed bythe packer. Encryption and digest algorithms that are supported by thepacker are included in the packer code or they are called through anexternal interface.

[0332] The interface to the packer for building a SC(s) is done by anAPI that accepts the following parameters as input:

[0333] A pointer to a buffer of concatenated structures. Each structurein the buffer is a command to the packer with the information that isrequired to execute the command. Packer commands include adding a partto the SC(s) with an associated BOM record, adding a record to the BOM,and adding records to the Key Description part.

[0334] A value indicating the number of concatenated structurescontained in the above described buffer.

[0335] Name and location of the BOM part.

[0336] A value with each bit being a defined flag or a reserved flag forfuture use. The following flags are currently defined:

[0337] Indication as to whether all of the parts of the SC(s) should bebundled together into a single file after all of the structures in thebuffer have been processed. Bundling the parts into a single object isthe last step that is performed when building a SC(s).

[0338] Indication as to whether the digital signature is omitted fromthe BOM part. If this flag is not set, then the digital signature iscomputed right before the SC(s) is bundled into a single object.

[0339] In an alternate embodiment, the interface to the packer forbuilding a SC(s) is done by APIs that accept the following parameters asinput:

[0340] First, an API is called to create a Bill of Materials (BOM) partby passing in pointer to a structure that consists of information thatis used to initialize SC(s) settings that are denoted as IP records inthe SC(s) BOM part, the name to use for the BOM part, a default locationto look for parts that will be added, and a flags value. This APIreturns a SC(s) handle that is used in subsequent Packer APIs.

[0341] The Packer has an API that is used whenever a part is added to aSC(s). This API accepts a SC(s) handle, which was previously returned bya previous Packer API, a pointer to a structure that consists ofinformation about the part that is being added, and a flags value.Information about the part being added includes the name and location ofthe part, the name to use in the BOM for the part, the type of part thatis being added, a hash value for the part, flags, etc.

[0342] After all of the parts have been added to the SC(s) a Packer APIis called to pack all of the parts, including the BOM part, into asingle SC(s) object, which is typically a file. This API accepts a SC(s)handle, which was previously returned by a previous Packer API, the nameto use for the packed SC(s), a pointer to a structure with informationfor signing the SC(s), and a flags value.

[0343] Either the packer or the entity calling the packer can use aSC(s) template to build a SC(s). SC(s) templates have information thatdefine parts and records that are required in the SC(s) that is beingbuilt. Templates can also define encryption methods and key referencesto use for encrypting Symmetric Keys 623 and encrypted parts.

[0344] The packer has an API that is used to unpack a SC(s). Unpacking aSC(s) is the process of taking a SC(s) and separating it into itsindividual parts. The packer can then be called to decrypt any of theencrypted parts that were unpacked from the SC(s).

[0345] B. Bill of Materials (BOM) Part

[0346] The BOM part is created by the packer when a SC(s) is beingbuilt. The BOM is a text file that contains records of information aboutthe SC(s) and about the parts that are included in the SC(s). Eachrecord in the BOM is on a single line with a new line indicating thestart of a new record. The BOM usually includes digests for each partand a digital signature that can be used to validate the authenticityand integrity of the SC(s).

[0347] The record types within a BOM are as follows:

[0348] IP An IP record contains a set of Name=Value pairs pertaining tothe SC(s). The following Names are reserved for specific properties ofSC(s):

[0349] V major.minor.fix

[0350] The V property specifies the version of the SC(s). This is theversion number of the SC(s) specification that the SC(s) was createdunder. The string that follows should be of the form major.minor.fix,where major, minor, and fix are the major release number, minor releasenumber, and fix level, respectively.

[0351] ID value

[0352] The ID property is a unique value that is assigned to thisspecific SC(s) by the entity that is creating this SC(s). The format ofthe value is defined in a later version of this document.

[0353] T value

[0354] The T property specifies the type of the SC(s), which should beone of:

[0355] ORD—An Order SC(s) 650.

[0356] OFF—An Offer SC(s) 641. LIC - A License SC(s). TRA - ATransaction SC(s) 640. MET - A Metadata SC(s) 620. CON - A Content SC(s)630.

[0357] A value

[0358] The A property identifies the author or publisher of the SC(s).Author/publisher identities should be unambiguous and/or registered withthe Clearinghouse(s) 105.

[0359] D value

[0360] The D property identifies the date, and optionally, the time thatthe SC(s) was created. The value should be of the formyyyy/mm/dd[@hh:mm[:ss[.fsec]][(TZ)]] representingyear/month/day@hour:minute:second.decimal-fraction-of-second(time-zone). Optional parts of the value are enclosed in [ ] characters.

[0361] E value

[0362] The E property identifies the date, and optionally, the time thatthe SC(s) expires. The value should be the same form used in the Dproperty that was previously defined. The expiration date/time should becompared, whenever possible, with the date/time at the Clearinghouse(s)105.

[0363] CCURL value

[0364] The CCURL property identifies the URL of the Clearinghouse(s)105. The value should be of the form of a valid external URL.

[0365] H value

[0366] The H property identifies the algorithm that was used tocalculate the message digests for the parts included in the SC(s). Anexample digest algorithm is MD5.

[0367] D AD record is a data or part entry record that containsinformation that identifies the type of part, the name of the part, the(optional) digest of the part, and an (optional) indication that thepart is not included in the SC(s). A—sign immediately after the typeidentifier is used to indicate that the part is not included in theSC(s). The following are reserved types of data or part records:

[0368] K part_name [digest]

[0369] Specifies the Key Description part.

[0370] W part_name [digest]

[0371] Specifies the watermarking instructions part.

[0372] C part_name [digest]

[0373] Specifies the certificate(s) used to validate the digitalsignature.

[0374] T part_name [digest]

[0375] Specifies the Usage Conditions part.

[0376] YF part_name [digest]

[0377] Specifies the Template part for the Offer SC(s) 641.

[0378] YO part_name [digest]

[0379] Specifies the Template part for the Order SC(s) 650.

[0380] YL part_name [digest]

[0381] Specifies the Template part for the License SC(s) 660.

[0382] ID part_name [digest]

[0383] Specifies the ID(s) of the Content 113 of the item(s) of Content113 being referenced.

[0384] CH part_name [digest]

[0385] Specifies the Clearinghouse(s) 105 certificate part.

[0386] SP part_name [digest]

[0387] Specifies the Electronic Digital Content Store(s) 103 certificatepart.

[0388] B part_name [digest]

[0389] Specifies a BOM part for another SC(s) that has its parts or asubset of its parts included in this SC(s).

[0390] BP part_name sc_part_name [digest]

[0391] Specifies a BOM part for another SC(s) that is included as asingle part in this SC(s). The sc_part_name parameter is the name of theSC(s) part that is included in this SC(s) and that this BOM partdefines. A BOM that is identical to this one is also included in theSC(s) that is defined by the sc_part_name parameter.

[0392] D part_name [digest]

[0393] Specifies a data (or metadata) part.

[0394] S An S record is a signature record the is used to define thedigital signature of the SC(s). The digital signature is specified asfollows:

[0395] S key_identifier signature_string signature_algorithm

[0396] The S record contains the key_identifier to indicate theencryption key of the signature, the signature_string, which is thebase64 encoding of the digital signature bit string, and the signaturealgorithm that was used to encrypt the digest to create the digitalsignature.

[0397] C. Key Description Part

[0398] The Key Description part is created by the packer to provideinformation about encryption keys that are needed for decryption ofSC(s) encrypted parts. The encrypted parts maybe included in the SC(s)being built or maybe in other SC(s) which are referred to by the SC(s)being built. The Key Description part is a text file that containsrecords of information about the encryption keys and the parts for whichthe encryption keys are used. Each record in the Key Description part ison a single line with a new line indicating the start of a new record.

[0399] The following record type is used within a Key Description partand is defined as follows:

[0400] K encrypted_part_name; result_part_name;part_encryption_algorithm_identifier; public_key_identifierkey_encryption_algorithm and encrypted_symmetric_key.

[0401] AK record specifies an encrypted part that may be included inthis SC(s) or may be included in another SC(s) that is referred to bythis record. The encrypted_part_name is either the name of a part inthis SC(s) or a URL pointing to the name of the encrypted part inanother SC(s). The result_part_name is the name that is given to thedecrypted part. The part_encryption_algorithm_identifier indicates theencryption algorithm that was used to encrypt the part. Thepublic_key_identifier is an identifier of the key that was used toencrypt the Symmetric Key 623.

[0402] The key_encryption_algorithm_identifier indicates the encryptionalgorithm that was used to encrypt the Symmetric Key 623. The encryptedsymmetric key is a base64 encoding of the encrypted Symmetric Key 623bit string that was used to encrypt the part.

[0403] VII. Clearinghouse(s) 105

[0404] A. Overview

[0405] The Clearinghouse(s) 105 is responsible for the rights managementfunctions of the Secure Digital Content Electronic Distribution System100. Clearinghouse(s) 105 functions include enablement of ElectronicDigital Content Store(s) 103, verification of rights to Content 113,integrity and authenticity validation of the buying transaction andrelated information, distribution of Content encryption keys orSymmetric Keys 623 to End-User Device(s) 109, tracking the distributionof those keys, and reporting of transaction summaries to ElectronicDigital Content Store(s) 103 and Content Provider(s) 101. Contentencryption keys are used by End-User Device(s) 109 to unlock Content 113for which they have obtained rights, typically by a purchase transactionfrom an authorized Electronic Digital Content Store(s) 103. Before aContent encryption key is sent to an End-User Device(s) 109, theClearinghouse(s) 105 goes through a verification process to validate theauthenticity of the entity that is selling the Content 113 and therights that the End-User Device(s) 109 has to the Content 113. This iscalled the SC Analysis Tool 185. In some configurations theClearinghouse(s) 105 may also handle the financial settlement of Content113 purchases by co-locating a system at the Clearinghouse(s) 105 thatperforms the Electronic Digital Content Store(s) 103 functions of creditcard authorization and billing. The Clearinghouse(s) 105 uses OEMpackages such as IC Verify and Taxware to handle the credit cardprocessing and local sales taxes.

[0406] Electronic Digital Content Store(s) Embodiment

[0407] An Electronic Digital Content Store(s) 103 that wants toparticipate as a seller of Content 113 in the Secure Digital ContentElectronic Distribution System 100 makes a request to one or more of theDigital Content Provider(s) 101 that provide Content 113 to the SecureDigital Content Electronic Distribution System 100. There is nodefinitive process for making the request so long as the two partiescome to an agreement. After the digital content label such as a MusicLabel e.g. Sony, Time-Warner, etc. decides to allow the ElectronicDigital Content Store(s) 103 to sell its Content 113, theClearinghouse(s) 105 is contacted, usually via E-mail, with a requestthat the Electronic Digital Content Store(s) 103 be added to the SecureDigital Content Electronic Distribution System 100. The digital contentlabel provides the name of the Electronic Digital Content Store(s) 103and any other information that maybe required for the Clearinghouse(s)105 to create a digital certificate for the Electronic Digital ContentStore(s) 103. The digital certificate is sent to the digital contentlabel in a secure fashion, and then forwarded by the digital contentlabel to the Electronic Digital Content Store(s) 103. TheClearinghouse(s) 105 maintains a database of digital certificates thatit has assigned. Each certificate includes a version number, a uniqueserial number, the signing algorithm, the name of the issuer(e.g., thename of Clearinghouse(s) 105), a range of dates for which thecertificate is considered to be valid, the name Electronic DigitalContent Store(s) 103, the public key of the Electronic Digital ContentStore(s) 103, and a hash code of all of the other information signedusing the private key of the Clearinghouse(s) 105. Entities that havethe Public Key 621 of the Clearinghouse(s) 105 can validate thecertificate and then be assured that a SC(s) with a signature that canbe validated using the public key from the certificate is a valid SC(s).

[0408] After the Electronic Digital Content Store(s) 103 has receivedits digital certificate that was created by the Clearinghouse(s) 105 andthe necessary tools for processing the SC(s) from the digital contentlabel, it can begin offering Content 113 that can be purchased byEnd-User(s). The Electronic Digital Content Store(s) 103 includes itscertificate and the Transaction SC(s) 640 and signs the SC(s) using itsDigital Signature 643. The End-User Device(s) 109 verifies that theElectronic Digital Content Store(s) 103 is a valid distributor ofContent 113 on the Secure Digital Content Electronic Distribution System100 by first checking the digital certificate revocation list and thenusing the Public Key 621 of the Clearinghouse(s) 105 to verify theinformation in the digital certificate for the Electronic DigitalContent Store(s) 103. A digital certificate revocation list ismaintained by the Clearinghouse(s) 105. The revocation list maybeincluded as one of the parts in a License SC(s) 660 that is created bythe Clearinghouse(s) 105. End-User Device(s) 109 keep a copy of therevocation list on the End-User Device(s) 109 so they can use it as partof the Electronic Digital Content Store(s) 103 digital certificatevalidation. Whenever the End-User Device(s) 109 receives a License SC(s)660 it determines whether anew revocation list is included and if so,the local revocation list on the End-User Device(s) 109 is updated.

[0409] B. Rights Management Processing

[0410] Order SC(s) Analysis

[0411] The Clearinghouse(s) 105 receives an Order SC(s) 650 from anEnd-User(s) after the End-User(s) has received the Transaction SC(s)640, which include the Offer SC(s) 641, from the Electronic DigitalContent Store(s) 103. The Order SC(s) 650 consists of parts that containinformation relative to the Content 113 and its use, information aboutthe Electronic Digital Content Store(s) 103 that is selling the Content113, and information about the End-User(s) that is purchasing theContent 113. Before the Clearinghouse(s) 105 begins processing theinformation in the Order SC(s) 650, it first performs some processing toinsure that the SC(s) is in fact valid and the data it contains has notbeen corrupted in any way.

[0412] Validation

[0413] The Clearinghouse(s) 105 begins the validation of Order SC(s) 650by verifying the digital signatures, then the Clearinghouse(s) 105verifies the integrity of the Order SC(s) 650 parts. To validate thedigital signatures, first the Clearinghouse(s) 105 decrypts the Contents631 of the signature itself using the Public Key 661 of the signingentity included if signed. (The signing entity could be the ContentProvider(s) 101, the Electronic Digital Content Store(s) 103, the EndUser Device(s) 109 or any combination of them.) Then, theClearinghouse(s) 105 calculates the digest of the concatenated partdigests of the SC(s) and compares it with the digital signature'sdecrypted Content 113. If the two values match, the digital signature isvalid. To verify the integrity of each part, the Clearinghouse(s) 105computes the digest of the part and compares it to the digest value inthe BOM. The Clearinghouse(s) 105 follows the same process to verify thedigital signatures and part integrity for the Metadata and Offer SC(s)641 parts included within the Order SC(s) 650.

[0414] The process of verification of the Transaction and Offer SC(s)641 digital signatures also indirectly verifies that the ElectronicDigital Content Store(s) 103 is authorized by the Secure Digital ContentElectronic Distribution System 100. This is based on the fact that theClearinghouse(s) 105 is the issuer of the certificates. Alternately, theClearinghouse(s) 105 would be able to successfully verify the digitalsignatures of the Transaction SC(s) 640 and Offer SC(s) 641 using thepublic key from the Electronic Digital Content Store(s) 103, but only ifthe entity signing the SC(s) has ownership of the associated privatekey. Only the Electronic Digital Content Store(s) 103 has ownership ofthe private key. Notice that the Clearinghouse(s) 105 does not need tohave a local database of the Electronic Digital Content Store(s) 103.Since the store uses the Clearinghouse Public Key to sign theTransaction SC(s) 640 Offer SC(s) 641 public keys.

[0415] Then, the Store Usage Conditions 519 of the Content 113 which theEnd-User(s) is purchasing are validated by the Clearinghouse(s) 105 toinsure that they fall within the restrictions that were set in theMetadata SC(s) 620. Recall that the Metadata SC(s) 620 is includedwithin the Order SC(s) 650.

[0416] Key Processing

[0417] Processing of the encrypted Symmetric Keys 623 and of thewatermarking instructions are done by the Clearinghouse(s) 105 afterauthenticity and the integrity check of the Order SC(s) 650, thevalidation of the Electronic Digital Content Store(s) 103, and thevalidation of the Store Usage Conditions 519 have been completedsuccessfully. The Metadata SC(s) 620 portion of the Order SC(s) 650typically has several Symmetric Keys 623 located in the Key Descriptionpart that were encrypted using the Public Key 621 of theClearinghouse(s) 105. Encryption of the Symmetric Keys 623 are done bythe Content Provider(s) 101 when the Metadata SC(s) 620 was created.

[0418] One Symmetric Key 623 are used for decrypting the watermarkinginstructions and the others for decrypting the Content 113 and anyencrypted metadata. Since Content 113 can represent a single song or anentire collect of songs on a CD, a different Symmetric Key 623 maybeused for each song. The watermarking instructions are included withinthe Metadata SC(s) 620 portion in the Order SC(s) 650. The Content 113and encrypted metadata are in the Content SC(s) 630 at a Content HostingSite(s) 111. The URL and part names of the encrypted Content 113 andmetadata parts, within the Content SC(s) 630, are included in the KeyDescription part of the Metadata SC(s) 620 portion of the Order SC(s)650. The Clearinghouse(s) 105 uses its private key to decrypt theSymmetric Keys 623 and then encrypts each of them using the Public Key661 of the End-User Device(s) 109. The Public Key 661 of the End-UserDevice(s) 109 is retrieved from the Order SC(s) 650. The new encryptedSymmetric Keys 623 are included in the Key Description part of theLicense SC(s) 660 that the Clearinghouse(s) 105 returns to the End-UserDevice(s) 109.

[0419] During the time of processing the Symmetric Keys 623, theClearinghouse(s) 105 may want to make modifications to the watermarkinginstructions. If this is the case, then after the Clearinghouse(s) 105decrypts the Symmetric Keys 623, the watermarking instructions aremodified and re-encrypted. The new watermarking instructions areincluded as one of the parts within the License SC(s) 660 that getsreturned to the End-User Device(s) 109.

[0420] If all of the processing of the Order SC(s) 650 is successful,then the Clearinghouse(s) 105 returns a License SC(s) 660 to theEnd-User Device(s) 109. The End-User Device(s) 109 uses the LicenseSC(s) 660 information to download the Content SC(s) 630 and access theencrypted Content 113 and metadata. The watermarking instructions arealso executed by the End-User Device(s) 109. If the Clearinghouse(s) 105is not able to successfully process the Order SC(s) 650, then an HTMLpage is returned to the End-User Device(s) 109 and displayed in anInternet browser window.

[0421] The HTML page indicates the reason that the Clearinghouse(s) 105was unable to process the transaction.

[0422] In an alternate embodiment, if the user has purchased a copy ofthe Content 113 prior to the release date set for the sale, theLicense(s) SC 660 is returned without the Symmetric Keys 623. TheLicense(s) SC 660 is returned to the Clearinghouse(s) 105 on or afterthe release date to receive the Symmetric Keys 623. As an example, theContent Provider(s) 101 allow users to download a new song prior to therelease date for the song to enable customers to download the song andbe prepared to play the song before a date set by the ContentProvider(s) 101. This allows immediate opening of the Content 113 on therelease date without having to content for bandwidth and download timeon the release date.

[0423] C. Country Specific Parameters

[0424] Optionally, the Clearinghouse(s) 105 uses the domain name of theEnd-User Device(s) 109 and, whenever possible, the credit card billingaddress to determine the country location of the End-User(s). If thereare any restrictions for the sale of Content 113 in the country wherethe End-User(s) resides, then the Clearinghouse(s) 105 insures that thetransaction being processed is not violating any of those restrictionsbefore transmitting License SC(s) 660 to the End-User Device(s) 109. TheElectronic Digital Content Store(s) 103 is also expected to participatein managing the distribution of Content 113 to various countries byperforming the same checks as the Clearinghouse(s) 105. TheClearinghouse(s) 105 does whatever checking that it can in case theElectronic Digital Content Store(s) 103 is ignoring the country specificrules set by the Content Provider(s) 101.

[0425] D. Audit Logs and Tracking

[0426] The Clearinghouse(s) 105 maintains a Audit Logs 150 ofinformation for each operation that is performed during Content 113purchase transactions and report request transactions. The informationcan be used for a variety of purposes such as audits of the SecureDigital Content Electronic Distribution System 100, generation ofreports, and data mining.

[0427] The Clearinghouse(s) 105 also maintains account balances inBilling Subsystem 182 for the Electronic Digital Content Store(s) 103.Pricing structures for the Electronic Digital Content Store(s) 103 isprovided to the Clearinghouse(s) 105 by the digital content labels. Thisinformation can include things like current specials, volume discounts,and account deficit limits that need to be imposed on the ElectronicDigital Content Store(s) 103. The Clearinghouse(s) 105 uses the pricinginformation to track the balances of the Electronic Digital ContentStore(s) 103 and insure that they do not exceed their deficit limits setby the Content Provider(s) 101.

[0428] The following operations are typically logged by theClearinghouse(s) 105:

[0429] End-User Device(s) 109 requests for License SC(s) 660

[0430] Credit card authorization number when the Clearinghouse(s) 105handles the billing

[0431] Dispersement of License SC(s) 660 to End-User Device(s) 109

[0432] Requests for reports

[0433] Notification from the End-User(s) that the Content SC(s) 630 andLicense SC(s) 660 were received and validated

[0434] The following information is typically logged by theClearinghouse(s) 105 for a License SC(s) 660:

[0435] Date and time of the request Date and time of the purchasetransaction

[0436] Content ID of the item being purchased

[0437] Identification of the Content Provider(s) 101

[0438] Store Usage Conditions 519

[0439] Watermarking instruction modifications

[0440] Transaction ID 535 that was added by the Electronic DigitalContent Store(s) 103

[0441] Identification of the Electronic Digital Content Store(s) 103

[0442] Identification of the End-User Device(s) 109

[0443] End-User(s) credit card information (if the Clearinghouse(s) 105is handling the billing)

[0444] The following information is typically logged by theClearinghouse(s) 105 for an End-User's credit card validation:

[0445] Date and time of the request

[0446] Amount charged to the credit card

[0447] Content ID of the item being purchased

[0448] Transaction ID 535 that was added by the Electronic DigitalContent Store(s) 103

[0449] Identification of the Electronic Digital Content Store(s) 103

[0450] Identification of the End-User(s)

[0451] End-User(s) credit card information

[0452] Authorization number received from the clearer of the credit card

[0453] The following information is typically logged by theClearinghouse(s) 105 when a License SC(s) 660 is sent to an End-UserDevice(s) 109:

[0454] Date and time of the request

[0455] Content ID of the item being purchased

[0456] Identification of Content Provider(s) 101

[0457] Usage Conditions 517

[0458] Transaction ID 535 that was added by the Electronic DigitalContent Store(s) 103

[0459] Identification of the Electronic Digital Content Store(s) 103

[0460] Identification of the End-User(s)

[0461] The following information is typically logged when a reportrequest is made:

[0462] Date and time of the request

[0463] Date and time the report was sent out

[0464] Type of report being requested

[0465] Parameters used to generate the report

[0466] Identifier of the entity requesting the report

[0467] E. Reporting of Results

[0468] Reports are generated by the Clearinghouse(s) 105 using theinformation that the Clearinghouse(s) 105 logged during End-User(s)purchase transactions. Content Provider(s) 101 and Electronic DigitalContent Store(s) 103 can request transaction reports from theClearinghouse(s) 105 via a Payment Verification Interface 183 so theycan reconcile their own transaction databases with the informationlogged by the Clearinghouse(s) 105. The Clearinghouse(s) 105 can alsoprovide periodic reports to the Content Provider(s) 101 and ElectronicDigital Content Store(s) 103.

[0469] The Clearinghouse(s) 105 defines a secure electronic interfacewhich allows Content Provider(s) 101 and Electronic Digital ContentStore(s) 103 to request and receive reports. The Report Request SC(s)includes a certificate that was assigned by the Clearinghouse(s) 105 tothe entity initiating the request. The Clearinghouse(s) 105 uses thecertificate and the SC's digital signature to verify that the requestoriginated from an authorized entity. The request also includesparameters, such as time duration, that define the scope of the report.The Clearinghouse(s) 105 validates the request parameters to insure thatrequesters can only receive information for which they are permitted tohave.

[0470] If the Clearinghouse(s) 105 determines that the Report RequestSC(s) is authentic and valid, then the Clearinghouse(s) 105 generates areport and pack it into a Report SC(s) to be sent to the entity thatinitiated the request. Some reports maybe automatically generated atdefined time intervals and stored at the Clearinghouse(s) 105 so theycan be immediately sent when a request is received. The format of thedata included in the report is defined in a later version of thisdocument.

[0471] F. Billing and Payment Verification

[0472] Billing of Content 113 can be handled either by theClearinghouse(s) 105 or by the Electronic Digital Content Store(s) 103.In the case where the Clearinghouse(s) 105 handles the billing of theelectronic Content 113, the Electronic Digital Content Store(s) 103separates the End-User(s)' order into electronic goods and, ifapplicable, physical goods. The Electronic Digital Content Store(s) 103then, notifies the Clearinghouse(s) 105 of the transaction, includingthe End-User(s)' billing information, and the total amount that needs tobe authorized. The Clearinghouse(s) 105 authorizes the End-User(s)'credit card and returns a notification back to the Electronic DigitalContent Store(s) 103. At the same time the Clearinghouse(s) 105 isauthorizing the End-User(s)' credit card, the Electronic Digital ContentStore(s) 103 can charge the End-User(s)' credit card for any physicalgoods that are being purchased. After each electronic item is downloadedby the End-User Device(s) 109, the Clearinghouse(s) 105 is notified sothe End-User(s)' credit card can be charged. This occurs as the laststep by the End-User Device(s) 109 before the Content 113 is enabled foruse at the End-User Device(s) 109.

[0473] In the case where the Electronic Digital Content Store(s) 103handles the billing of the electronic Content 113, the Clearinghouse(s)105 is not notified about the transaction until the End-User Device(s)109 sends the Order SC(s) 650 to the Clearinghouse(s) 105. TheClearinghouse(s) 105 is still notified by the End-User Device(s) 109after each electronic item is downloaded. When the Clearinghouse(s) 105is notified it sends a notification to the Electronic Digital ContentStore(s) 103 so that the Electronic Digital Content Store(s) 103 cancharge the End-User(s)' credit card.

[0474] G. Retransmissions

[0475] The Secure Digital Content Electronic Distribution System 100provides the ability to handle retransmissions of Content 113. This istypically performed by a Customer Service Interface 184. ElectronicDigital Content Store(s) 103 provides a user interface that theEnd-User(s) can step through in order to initiate a retransmission. TheEnd-User(s) goes to the Electronic Digital Content Store(s) 103 sitewhere the Content 113 item was purchased in order to request aretransmission of the Content 113.

[0476] Retransmissions of Content 113 are done when an End-User(s)requests a new copy of a previously purchased Content 113 item becausethe Content 113 could not be downloaded or the Content 113 that wasdownloaded is not usable. The Electronic Digital Content Store(s) 103determines whether the End-User(s) is entitled to do a retransmission ofthe Content 113. If the End-User(s) is entitled to a retransmission,then the Electronic Digital Content Store(s) 103 builds a TransactionSC(s) 640 that includes the Offer SC(s) 641 of the Content 113 item(s)being retransmitted. The Transaction SC(s) 640 is sent to the End-UserDevice(s) 109 and the identical steps as for a purchase transaction areperformed by the End-User(s). If the End-User Device(s) 109 has ascrambled key(s) in the key library for the Content 113 item(s)undergoing retransmission, then the Transaction SC(s) 640 includesinformation that instructs the End-User Device(s) 109 to delete thescrambled key(s).

[0477] In the case where the Clearinghouse(s) 105 handles the financialsettlement of Content 113 purchases, the Electronic Digital ContentStore(s) 103 includes a flag in the Transaction SC(s) 640 that iscarried forward to the Clearinghouse(s) 105 in the Order SC(s) 650. TheClearinghouse(s) 105 interprets the flag in the Order SC(s) 650 andproceed with the transaction without charging the End-User(s) for thepurchase of the Content 113.

[0478] VIII. Content Provider

[0479] A. Overview

[0480] The Content Provider(s) 101 in the Secure Digital ContentElectronic Distribution System 100 is the digital content label or theentity who owns the rights to the Content 113. The role of the ContentProvider(s) 101 is to prepare the Content 113 for distribution and makeinformation about the Content 113 available to Electronic DigitalContent Store(s) 103 or retailers of the downloadable electronicversions of the Content 113. To provide the utmost security and rightscontrol to the Content Provider(s) 101, a series of tools are providedto enable the Content Provider(s) 101 to prepare and securely packagetheir Content 113 into SC(s) at their premises so that the Content 113is secure when it leaves the Content Provider(s)' 101 domain and neverexposed or accessible by unauthorized parties. This allows Content 113to be freely distributed throughout a non-secure network, such as theInternet, without fear of exposure to hackers or unauthorized parties.

[0481] The end goal of the tools for the Content Provider(s) 101 is toprepare and package a Content 113 such as a song or series of songs intoContent SC(s) 630 and to package information describing the song,approved uses of the song (content Usage Conditions 517), andpromotional information for the song into a Metadata SC(s) 620. Toaccomplish this, the following set of tools are provided:

[0482] Work Flow Manager 154—Schedules processing activities and managesthe required synchronization of processes.

[0483] Content Processing Tools 155—A collection of tools to controlContent 113 file preparation including Watermarking, Preprocessing (foran audio example any required equalization, dynamics adjustment, orre-sampling) encoding and compression.

[0484] Metadata Assimilation and Entry Tool 161—A collection of toolsused to gather Content 113 description information from the Database 160of the Content Provider(s) and/or third party database or data importfiles and/or via operator interaction and provides means for specifyingcontent Usage Conditions 517. Also provided is an interface forcapturing or extracting content such as digital audio content for CDS orDDP files. A Quality Control Tool enables to preview of prepared contentand metadata. Any corrections needed to the metadata or resubmission ofthe content for further processing can be conducted.

[0485] SC(s) Packer Tool 152—Encrypts and packages all Content 113 andinformation and calls the SC(s) Packer to pack into SC(s).

[0486] Content Dispersement Tool (not shown)—Disperses SC(s) todesignated distribution centers, such as Content Hosting Site(s) 111 andElectronic Digital Content Store(s) 103.

[0487] Content Promotions Web Site 156—stores Metadata SC(s) 620 andoptionally additional promotional material for download by authorizedElectronic Digital Content Store(s) 103.

[0488] B. Work Flow Manager 154

[0489] The purpose of this tool is to schedule, track, and manageContent 113 processing activities. This application enables multi-useraccess as well as allowing scheduling of Content 113 and status checkingfrom remote locations within the Intranet or extranet of the ContentProvider(s) 101. This design also allows for collaborative processingwhere multiple individuals can be working on multiple pieces of Content113 in parallel and different individuals can be assigned specificresponsibilities and these individuals can be spread throughout theworld.

[0490] Turning now to FIG. 8 is a block diagram of the major processesof the Work Flow Manager 154 corresponding to FIG. 7. The majorprocesses in FIG. 8 summarizes the Content 113 processing functionsprovided by the tools described in this section. The Work Flow Manager154 is responsible for feeding jobs to these processes and directingjobs to the next required process upon completion of its currentprocess. This is accomplished through a series of ApplicationProgramming Interfaces (APIs) which each processing tool calls to:

[0491] retrieve the next job to process

[0492] indicate successful completion of a process

[0493] indicate unsuccessful completion of a process and reason for thefailure

[0494] provide interim status of a process (to allow initiation ofprocesses that require only partial completion of a dependent process)

[0495] add comments to a product which are made available to thedesignated processes

[0496] The Work Flow Manager 154 also has a user interface, an exampleWork Flow Manager User Interface 700 is illustrated in FIG. 7 whichprovides the following functions:

[0497] a configuration panel to allow specification of default valuesand conditions to be assigned and performed during various stages ofprocessing

[0498] customization of the work flow rules and automated processingflows

[0499] job scheduling

[0500] status queries and reports

[0501] add comments or instructions for a job associated to one or moreprocesses

[0502] job management (i.e. suspend, release, remove, change priority(order of processing))

[0503] Each process has a queue associated with it managed by the WorkFlow Manager 154. All processes requesting jobs from the Work FlowManager 154 results in the Work Flow Manager 154 either suspending theprocess (tool) in await state if there are no jobs currently in itsassociated queue or returning to the process all information about thejob needed to perform its respective process. If a process is suspendedin await state, it resumes processing when a job is placed on its queueby the Work Flow Manager 154.

[0504] The Work Flow Manager 154 also manages the flow or order ofprocessing based on a set of defined rules. These rules can becustomized by the Content Provider(s) 101 if it has special processingrequirements or configures specific defaults rules. When a processreports completion of its assigned task, it notifies the Work FlowManager 154 of this status and the Work Flow Manager 154 decides whatqueue the job gets placed on next based on the defined rules.

[0505] Comments indicating special handling instructions or notices mayalso be attached to the product at any of the processing steps viaeither the programming API or manually through the Work Flow ManagerUser Interface 700 or processor interfaces.

[0506] The processes in the Work Flow Manager 154 are implemented inJava in the preferred embodiment but other programming languages such asC/C++, Assembler and equivalent can be used. It should be understoodthat the processes described below for the Work Flow Manager 154 can runon a variety of hardware and software platforms. The Work Flow Manager154 as a complete system or as any of it's constitute processes maybedistributed as an application program in a computer readable mediumincluding but not limited to electronic distribution such as the web oron floppy diskettes, CD ROMS and removable hard disk drives.

[0507] Turning now to FIG. 8 is a block diagram of the major processesof the Work Flow Manager 154 corresponding to FIG. 7. The followingsections summarize each process and describes the information or actionrequired by each process.

[0508] 1. Products Awaiting Action/Information Process 801

[0509] Jobs are placed on specific processes queues once all informationrequired by that process is available and the job has alreadysuccessfully completed all dependent processing. A special queue existsin the Work Flow Manager 154 which is used to hold jobs that are notcurrently available for processing due to missing information or afailure that prevent further processing. These jobs are placed in theProducts Awaiting Action/information Process 801 queue. Each job in thisqueue has associated status to indicate the action or information it iswaiting on, the last process that worked on this job, and the nextprocess(es) this job is queued to once the missing or additionalinformation is provided or the required action is successfullycompleted.

[0510] Completion of any process causes the Work Flow Manager 154 tocheck this queue and determine if any job in this queue was awaiting thecompletion of this process (action) or information provided by thisprocess. If so, that job is queued to the appropriate process queue.

[0511] 2. New Content Request Process 802

[0512] The Content Provider(s) 101 determines those products (forexample, a product maybe a song or a collection of songs) it wishes tosell and deliver electronically. The initial function of the Work FlowManager 154 is to enable an operator to identify these products and toplace them on the queue of the New Content Request Process 802. TheContent Provider(s) 101 may specify through configuration options, whatinformation is prompted for on the product selection interface. Enoughinformation is entered to uniquely identify the product. Optionally,additional fields maybe included to request manual entry of theinformation required to initiate the audio processing phase in parallelwith the metadata acquisition. If not provided manually, thisinformation can optionally be retrieved from default configurationsettings or from the Database 160 of the Content Provider(s), obtainedin the first stage of Metadata Processing as in Automatic MetadataAcquisition Process 803. The makeup and capabilities of the Content 113in the Database 160 of the Content Provider(s) determines the Contentselection process.

[0513] If the required information needed to perform a query to theDatabase 160 of the Content Provider(s) 101 is specified, the job isprocessed by the Automatic Metadata Acquisition Process 803. In a musicembodiment, to properly schedule the product for audio processing, theproduct's genre and the desired compression levels are specified as wellas the audio PCM or WAV filename(s). This information maybe entered aspart of the product selection process or selected via a customized queryinterface or Web browser function. Specification of this informationenables the product to be scheduled for content processing.

[0514] The product selection user interface provides an option enablingthe operator to specify whether the product can be released forprocessing or whether it are held pending further information entry. Ifheld, the job is added to the queue of the New Content Request Process802 awaiting further action to complete data entry and/or release theproduct for processing. Once the product is released, the Work FlowManager 154 evaluates the information specified and determines whichprocesses the job is ready to be passed to.

[0515] If adequate information is provided to enable an automated queryto the Database 160 of the Content Provider(s)' 101, the job is queuedfor Automatic Metadata Acquisition Process 803. If the database mappingtable has not been configured for the Automatic Metadata AcquisitionProcess 803, the job is queued for Manual Metadata Entry Process 804(see Automatic Metadata Acquisition Process 803 section for details onthe Database Mapping Table).

[0516] If the required general information for audio processing and thespecific information required for watermarking is specified, the job isqueued for Watermarking Process 808 (the first phase of contentprocessing). If any of the required information is missing when the jobis released, the job is queued to the queue of the Products AwaitingAction/Information Process 801 along with status indicating theinformation that is missing.

[0517] If the status indicates that the filename of the Content 113, forexample where the Content 113 is audio and the PCM or WAV file ismissing, this may indicate that a capture (or digital extraction fromdigital media) is required. The audio processing functions require thatthe song files be accessible via a standard file system interface. Ifthe songs are located on external media or a file system that is notdirectly accessible to the audio processing tools, the files are firstbe copied to an accessible file system. If the songs are in digitalformat but on CD or Digital Tape, they are extracted to a file systemaccessible to the audio processing tools. Once the files are accessible,the Work Flow Manager User Interface 700 is used to specify or selectthe path and filename for the job so that it can be released to thewatermarking process, assuming all other information required forwatermarking has also been specified.

[0518]3. Automatic Metadata Acquisition Process 803

[0519] The Automatic Metadata Acquisition Process 803 performs a seriesof queries to the Database 160 of the Content Provider(s) 101 or astaging database where data has been imported, in an attempt to obtainas much of the product information as possible in an automated fashion.The Automatic Metadata Acquisition Process 803 requires the followinginformation prior to allowing items to be placed on its queue:

[0520] database mapping table with adequate information to generatequeries to the Database 160 of the Content Provider(s) 101

[0521] product information required to perform queries

[0522] adequate product information to uniquely define product

[0523] An automated query is performed to the Database 160 of theContent Provider(s) 101 to obtain the information necessary to processthis Content 113. For example, if the Content 113 is music, theinformation needed to perform this query could be the album name ormaybe a UPC or a specific album or selection ID as defined by theContent Provider(s) 101. Of the information to be obtained, some isdesignated as required (see the section on Automatic MetadataAcquisition Process 803 for details). If all required information isobtained, the job is next queued for Usage Conditions Process 805. Ifany required information is missing, the song is queued for ManualMetadata Entry Process 804. If any jobs in the Products AwaitingAction/Information Process 801 queue are waiting for any of theinformation obtained in this step, the jobs status is updated toindicate that it is no longer waiting for this information. If that jobno longer has any outstanding requirements, it is queued to the nextdefined queue.

[0524] 4. Manual Metadata Entry Process 804

[0525] The Manual Metadata Entry Process 804 provides a means for anoperator to enter missing information. It has no dependencies. Once allrequired information is specified, the job is queued for UsageConditions Process 805.

[0526] 5. Usage Conditions Process 805

[0527] The Usage Conditions Process 805 allows specification of productuses and restrictions. The Usage Conditions Process 805 may require somemetadata. Upon completion of Usage Conditions specifications, the job iseligible to be queued for Metadata SC(s) Creation Process 807 unless theSupervised Release Process 806 option has been requested or isconfigured as the default in the Work Flow Manager 154 rules. In thatcase, the job is queued for Supervised Release Process 806. Beforequeuing to Metadata SC(s) Creation Process 807, the Work Flow Manager154 will first assure that all dependencies for that process have beenmet(see below). If not, the job is queued to the Products AwaitingAction/Information Process 801.

[0528] 6. Supervised Release Process 806

[0529] The Supervised Release Process 806 allows a quality check andvalidation of information specified for the digital content product. Itdoes not have any dependencies. Comments previously attached to the jobat any stage of the processing for this product can be reviewed by theSupervisor and appropriate action taken. After reviewing all informationand comments, the Supervisor has the following options:

[0530] approve release and queue the product for Metadata SC(s) CreationProcess 807

[0531] modify and/or add information and queue the product for MetadataSC(s) Creation Process 807

[0532] add comments to the job and re-queue for Manual Metadata EntryProcess 804

[0533] add comments and queue the job to the queue for Products AwaitingAction/Information Process 801

[0534] 7. Metadata SC(s) Creation Process 807

[0535] The Metadata SC(s) Creation Process 807 gathers together all theinformation collected above as well as other information required forthe Metadata SC(s) 620 and calls the SC(s) Packer Process to create theMetadata SC(s) 620. This tool requires the following as input:

[0536] the required metadata

[0537] the usage conditions

[0538] the encryption keys used in the encryption stage of all qualitylevels for this product

[0539] This last dependency requires that the associated audio objectscompleted the audio processing phase before the Metadata SC(s) 620 canbe created. Upon completion of the Metadata SC(s) Creation Process 807,the job is queued to either the queue for Final Quality AssuranceProcess 813 or Content Dispersement Process 814 based on defined workflow rules.

[0540] 8. Watermarking Process 808

[0541] The Watermarking Process 808 adds copyright and other informationto the Content 113. For an embodiment where the Content 113 is a song,this tool requires the following as input:

[0542] song filename(s) (multiple filenames if album)

[0543] watermarking instructions

[0544] watermarking parameters (information to be included in thewatermark)

[0545] Upon completion of the Watermarking Process 808, the job isqueued for Preprocessing and Compression Process 809 if its requiredinput is available or otherwise queued to the Products AwaitingAction/Information Process 801.

[0546] 9. Preprocessing and Compression Process 809

[0547] The Preprocessing and Compression Process 809 encodes the Content113 to the specified compression level performing any requiredpreprocessing first. Queuing a job to this queue actually createmultiple queue entries. A job is created for each compression level ofthe product desired. The encoding processes can be performed in parallelon multiple systems. This tool requires the following input:

[0548] watermarked content filename(s) (multiple filenames if Content113 is an album)

[0549] quality levels for product (could be preconfigured)

[0550] compression algorithm (could be preconfigured)

[0551] product genre (if required by preprocessor)

[0552] Upon completion of the encoding process, the jobs are queued tothe Content Quality Control Process 810 if configured by the work flowrules. If not, the jobs are queued for Encryption Process 811.

[0553] If third party providers of encoding tools do not provide amethod to display the percentage of the Content 113, such as audio, thathas been processed or a method to indicate the amount of Content 113that has been encoded as a percentage of the entire selection of Content113 selected, in FIG. 11 there is shown a flow diagram 1100 of a methodto determine the encoding rate of Digital Content for the ContentPreprocessing and Compression tool of FIG. 8. The method begins with theselection of the desired encoding algorithm and a bit rate, step 1101.Next, a query is made to determine if this algorithm and encoding ratehas a previously calculated rate factor, step 1102. The rate factor isthe factor used to determine the rate of compression for a specificencoding algorithm and a specific bit rate. If no previously calculatedrate factor is stored, a sample of the Content 113 is encoded for apredetermined amount of time. The predetermined period of time in thepreferred embodiment is a few seconds. This rate of encoding for apredetermined period of time is used to calculate a new rate factorR_(NEW). Calculating a new rate factor R_(NEW) knowing the amount oftime and the amount of Content 113 encoded is R_(NEW)=(length of DigitalContent encoded)/(amount of time), step 1108. The Content 113 is encodedand the encoding status is displayed using the previously calculate ratefactor R_(NEW), step 1109. This encoding rate factor R_(NEW) is thenstored, step 1107, for future use for this encoding algorithm andencoding bit rate. If the selected algorithm has a previously calculatedrate factor R_(STORED), step 1103. The Content 113 is encoded and theprogression displayed using the previously calculated rate factorR_(STORED), step 1104. In the meantime, a current rate factor,R_(current) is calculated for this selected algorithm and bit rate, step1105. This current rate factor R_(current) is used to update the storedrate factor R_(NEW)=AVERAGE OF (R_(STORED)+R_(CURRENT)), step 1106. Theiterative update of the rate factor enables the determination of theencoding rate to become more and more accurate with each subsequent usefor a particular encoding algorithm and bit rate. The new rate R_(NEW)is then stored for future use, step 1107. The updating of R_(STORED) maynot be made if the current rate factor R_(current) is out range for thepreviously stored rate factor R_(STORED) by a given range or threshold.

[0554] The display of the encoding status can then be presented. Theencoding status includes along with the current encoding rate, thedisplay of the percentage of the total Content 113 displayed as aprogression bar based on the encoding rate and the total length of thefile for the Content 113. The encoding status can also include the timeremaining for the encoding. The time remaining for the encoding can becalculated by dividing the encoding rate calculated R_(CURRENT) by thetotal length of the file for Content 113. The encoding status can betransferred to another program that may invoke the calling process. Thiscan help supervisory programs to encoding or co-dependent programs onencoding be operated and be batched for processing more efficiently. Itshould be understood, in an alternative embodiment, that encoding caninclude the step of watermarking.

[0555] 10. Content Quality Control Process 810

[0556] The Content Quality Control Process 810 is similar in function tothe Supervised Release Process 806. It is an optional step allowingsomeone to validate the quality of the content processing performed thusfar. This has no dependencies other than completion of the WatermarkingProcess 808 and the encoding portion of the Preprocessing andCompression Process 809. Upon completion of the Content Quality ControlProcess 810 the following options are available:

[0557] the jobs can be released and queued for Encryption Process 811.

[0558] comments can be attached and one or more of the jobs re-queuedfor Preprocessing and Compression Process 809.

[0559] The last option requires that the unencoded watermarked versionof the song file remain available until after Content Quality ControlProcess 810.

[0560] 11. Encryption Process 811

[0561] The Encryption Process 811 calls the appropriate Secure DigitalContent Electronic Distribution Rights Management function to encrypteach of the watermarked/encoded song files. This process has nodependencies other than completion of all other audio processing. Uponcompletion of the Encryption Process 811 process, the job is queued forContent SC(s) Creation Process 812.

[0562] 12. Content SC(s) Creation Process 812

[0563] The Content SC(s) Creation Process 812 Process may require somemetadata files to be included in the Content SC(s) 630. If files otherthan the Content 113 are required, the files are gathered and the SC(s)Packer Process is called to create a Content SC(s) 630 for eachcompression level of the Content 113 (e.g. a song) created. Uponcompletion of the Content SC(s) Creation Process 812, the song is queuedto either the Final Quality Assurance Process 813 or ContentDispersement Process 814 queue based on defined work flow rules.

[0564] 13. Final Quality Assurance Process 813

[0565] Final Quality Assurance Process 813 is an optional step thatallows a cross reference check between the associated Metadata andContent SC(s) 630 to verify that they match up correctly and that allinformation and Content 113 contained therein are correct. Uponcompletion of Final Quality Assurance Process 813, the jobs are queuedfor Content Dispersement Process 814. If a problem is found, the job inmost cases has to be re-queued to the failing stage. Rework at thisstage is much more costly since the product has to go throughre-encryption and repacking in addition to the reprocessing required tocorrect the problem. It is highly recommended that the prior assurancestages be used to assure the quality of the Content 113 and accuracy andcompleteness of the information.

[0566] 14. Content Dispersement Process 814

[0567] The Content Dispersement Process 814 Process is responsible fortransferring the SC(s) to the appropriate hosting sites. After thesuccessful transfer of the SC(s), the job completion status is loggedand the job is deleted from the queue. If a problem occurs intransferring the SC(s), after a defined number of retries, the job isflagged in the Workflow Manager Tool 154 as having failed along with theerror encountered.

[0568] 15. Work Flow Rules

[0569] The Work Flow Rules for FIG. 8 operate in three major systems asfollows:

[0570] A: Work Flow Manager Tool 154

[0571] 1. New Content Request Process 802

[0572] 2. Products Awaiting Action/Information Process 801

[0573] 3. Final Quality Assurance Process 813

[0574] 4. Content Dispersement (and Notification) Process 814

[0575] B: Metadata Assimilation and Entry Tool 161

[0576] 1. Automatic Metadata Acquisition Process 803

[0577] 2. Manual Metadata Entry Process 804

[0578] 3. Supervised Release Process 806

[0579] 4. Metadata SC(s) Creation Process 807

[0580] C: Content Processing Tools 155

[0581] 1. Watermarking Process 808 (requires copyright data)

[0582] 2. Preprocessing and Compression Process 809

[0583] 3. Content Quality Control Process 810

[0584] 4. Encryption Process 811

[0585] 5. Content SC(s) Creation Process 812

[0586] Work Flow

[0587] The Content 113 selection operator inputs a new product and itstarts out queued onto A1 (New Content Request Process 802).

[0588] A1:

[0589] When the Content 113 selection operator releases it to the WorkFlow Manager Tool 154, then it gets queued onto B1 (the AutomaticMetadata Acquisition Process 803).

[0590] A2:

[0591] coming from step B1 (the Automatic Metadata Acquisition Process803),

[0592] or step B2 (Manual Metadata Entry Process 804),

[0593] or step B3 (Supervised Release Process 806)

[0594] on its way to step Before (the Metadata SC(s) Creation Process807)

[0595] [needs the encryption keys].

[0596] coming from step Before (the Metadata SC(s) Creation Process 807)

[0597] on its way to either step A3 (the Final Quality Assurance Process813) or step A4 (the Content Dispersement Process 814)

[0598] [needs the Content SC(s) 630].

[0599] coming from step C1 (the Watermarking Process 808)

[0600] on its way to step C2 (the Preprocessing and Compression Process809)

[0601] [needs the metadata for Preprocessing and Compression Process809].

[0602] coming from step C4 (the Encryption Process 811)

[0603] on its way to step C5 (the Content SC(s) Creation Process 812)

[0604] [needs the metadata for Content SC(s) 630 Packing].

[0605] coming from step C5 (the Content SC(s) Creation Process 812)

[0606] on its way to either step A3 (the Final Quality Assurance Process813) or step A4 (the Content Dispersement Process 814)

[0607] [needs the Metadata SC(s) 620].

[0608] A3:

[0609] After step A3 (the Final Quality Assurance Process 813),

[0610] place onto queue B2 (Manual Metadata Entry Process 804),

[0611] or place onto queue B3 (Supervised Release Process 806),

[0612] or place into queue as required by the quality assuranceoperator.

[0613] A4:

[0614] After step A4 (Content Dispersement Process 814),

[0615] the Work Flow Manager Tool 154 is done for this product.

[0616] B1:

[0617] After step B1 (the Automatic Metadata Acquisition Process 803),

[0618] if the metadata needed for step C1 (the Watermarking Process 808)is present, then place an entry representing this product onto queue C1.

[0619] (do the following logic also)

[0620] if either 1—any required metadata is missing, or 2—there arecomments directed to the manual metadata providers, then also place theproduct onto queue B2 (Manual Metadata Entry Process 804),

[0621] else if supervised release was requested for this product, thenplace the product onto queue B3 (Supervised Release Process 806).

[0622] else if the product has all the information from the ContentProcessing Tools 155 for all of the requested quality levels, then placethe product onto queue Before (the Metadata SC(s) Creation Process 807),

[0623] else flag the product as needs the encryption keys and place theproduct onto queue A2 (Products Awaiting Action/Information Process801).

[0624] B2:

[0625] During step B2 (Manual Metadata Entry Process 804),

[0626] if step C1 (the Watermarking Process 808) has not been done andthe metadata needed for step C1 is present, then place an entryrepresenting this product onto queue C1.

[0627] (do the following logic also)

[0628] if metadata needed for step C2 (the Preprocessing and CompressionProcess 809)just been provided, then

[0629] (do the following logic also)

[0630] if all the metadata that can be gathered by the MetadataAssimilation and Entry Tool 161 is present, then

[0631] if supervised release was requested for this product, then placethe product onto queue B3 (Supervised Release Process 806)

[0632] else

[0633] if all the information from step C4 (the Encryption Process 811)of the Content Processing Tools 155 is present, then place this productonto queue Before (the Metadata SC(s) Creation Process 807)

[0634] else flag the product as needs the encryption keys and place thisproduct onto queue A2 (Products Awaiting Action/Information Process801).

[0635] else

[0636] if the metadata provider requested a forced supervised release,then place the product onto queue B3 (Supervised Release Process 806)

[0637] else do nothing (keep the product on queue B2 (Manual MetadataEntry Process 804)).

[0638] B3:

[0639] During step B3 (Supervised Release Process 806),

[0640] if this operator is sending the product back to step B2 (ManualMetadata Entry Process 804), then place the product on queue B2.

[0641] else if this operator released the product, then

[0642] if all the information from step C4 (the Encryption Process 811)of the Content Processing Tools 155 is present, then place this productonto queue Before (the Metadata SC(s) Creation Process)

[0643] else flag the product as needs the encryption keys and place thisproduct onto queue A2 (Products Awaiting Action/Information Process801).

[0644] else the product remains on queue B3 (Supervised Release Process806).

[0645] Before:

[0646] After step Before (the Metadata SC(s) Creation Process 807),

[0647] flag the product Metadata has been packed.

[0648] if all the (product/quality level) tuples have been packed, then

[0649] if the Content Provider(s)' 101 configuration specifies QualityAssure the SC(s), then place this product onto queue A3 (the FinalQuality Assurance Process 813)

[0650] else place this product onto queue A4 (the Content DispersementProcess 814).

[0651] else flag the product as needs the Content 113 SC(s) and placethis product onto queue A2 (Products Awaiting Action/Information Process801).

[0652] C1:

[0653] After step C1 (the Watermarking Process 808),

[0654] if the metadata needed for step C2 (the Preprocessing andCompression Process 809) is present, then create an entry for each(product/quality level) tuple and place them onto queue C2,

[0655] else flag the product as needs the metadata forPreprocessing/Compression and place this product onto queue A2 (ProductsAwaiting Action/Information Process 801).

[0656] C2:

[0657] After step C2 (the Preprocessing and Compression Process 809),

[0658] if the Content Provider(s)' 101 configuration specifies ContentQuality Control Process 810, then place this (product/quality level)tuple onto queue C3 (the Content Quality Control Process 810),

[0659] else place this (product/quality level) tuple onto queue C4 (theEncryption Process 811).

[0660] C3:

[0661] After step C3 (the Content Quality Control Process 810), thenplace this (product/quality level) tuple onto queue C4 (the EncryptionProcess 811).

[0662] C4:

[0663] After step C4 (the Encryption Process 811),

[0664] provide the needed information (i.e., the Symmetric Key 623generated by the Process and used to encipher the Content 113) to theMetadata Assimilation and Entry Tool 161.

[0665] if all the metadata that's required for the Content SC(s) 630 ispresent, then place this (product/quality level) tuple onto queue C5(the Content SC(s) Creation Process 812),

[0666] else flag the product as needs the metadata for Content SC(s) 630Packing and place this (product/quality level) tuple onto A2 (ProductsAwaiting Action/Information Process 801).

[0667] C5:

[0668] After step C5 (the Content SC(s) Creation Process 812),

[0669] flag the quality level the Content 113 at this quality level hasbeen packed.

[0670] if all the (product/quality level) tuples have been packed, then

[0671] if the product is flagged Metadata has been packed, then

[0672] if the Content Provider(s)' 101 configuration specifies QualityAssure the SC(s), then place this product onto queue A3 (the FinalQuality Assurance Process 813)

[0673] else place this product onto queue A4 (the Content DispersementProcess 814)

[0674] else flag the product as needs the Metadata SC(s) 620 and placethis product onto queue A2 (Products Awaiting Action/Information Process801).

[0675] else (all the (product/quality level) tuples have not beenpacked) do nothing (another (product/quality level) tuple triggers anaction).

[0676] C. Metadata Assimilation and Entry Tool

[0677] Metadata consists of the data describing the Content 113 forexample in music, title of the recording, artist, author/composer,producer and length of recording. The following description is basedupon Content 113 being music but it should be understood by thoseskilled in the art that other content types e.g., video, programs,multimedia, movies, and equivalent, are within the true scope andmeaning of the present invention.

[0678] This Subsystem brings together the data the Content Provider(s)101 provides to the Electronic Digital Content Store(s) 103 to helppromote the sale of the product (e.g., for music, sample clips by thisartist, history of this artist, list of albums on which this recordingappears, genres associated with this artist and/or product), the datathe Content Provider(s) 101 provides to the End-User(s) with thepurchased product (e.g., artist, producer, album cover, track length),and the different purchase options (the Usage Conditions 517) theContent Provider(s) 101 wants to offer the End-User(s). The data ispackaged into a Metadata SC(s) 620 and made available to the ElectronicDigital Content Store(s) 103. To accomplish this, the following toolsare provided:

[0679] H Automatic Metadata Acquisition Tool

[0680] Manual Metadata Entry Tool

[0681] Usage Conditions Tool

[0682] Supervised Release Tool

[0683] These tools enable Content Provider(s) 101 to implement theprocesses described above for Work Flow Manager 154. Tools describedhere are a toolkit based on Java in the preferred embodiment but otherprogramming languages such as C/C++, Assembler and equivalent can beused.

[0684] 1. Automatic Metadata Acquisition Tool

[0685] The Automatic Metadata Acquisition Tool provides a user theability to implement the Automatic Metadata Acquisition Process 803described above. The Automatic Metadata Acquisition Tool is used toaccess the Database 160 of the Content Provider(s) 101 and to retrieveas much data as possible without operator assistance. Configurationmethods are available to automate this process. The Content Provider(s)101 can tailor the default metadata template to identify the types ofdata this Content Provider(s) 101 wants to provide to End-User(s) (e.g.,composer, producer, sidemen, track length) and the types of promotionaldata the Content Provider(s) 101 provides to the Electronic DigitalContent Store(s) 103 (e.g., for a music example, sample clips by thisartist, a history of this artist, the list of albums on which thisrecording appears, genres associated with this artist). The defaultmetadata template includes data fields which are required by theEnd-User Device(s) 109, data fields which can be optionally provided tothe End-User Device(s) 109 and a sample set of data fields, targeted tothe Electronic Digital Content Store(s) 103, that promote the artist,album, and/or single.

[0686] To extract the template data fields from the Database 160 of theContent Provider(s) 101 the Automatic Metadata Acquisition Tool uses atable that maps the type of data (e.g., composer, producer, a biographyof the artist) to the location within the database where the data can befound. Each of the Content Provider(s) 101 help specify that mappingtable for their environment.

[0687] The Automatic Metadata Acquisition Tool uses a metadata templateof the Content Provider(s) 101 and mapping table to acquire whateverdata is available from the Databases 160 of the Content Provider(s) 101.The status of each product is updated with the result of the AutomaticMetadata Acquisition Process 803. A product which is missing anyrequired data is queued for Manual Metadata Entry Process 804, otherwiseit is available for packing into a Metadata SC(s) 620.

[0688] 2. Manual Metadata Entry Tool

[0689] The Manual Metadata Entry Tool provides a user the ability toimplement the Manual Metadata Entry Process 804 described above. TheManual Metadata Entry Tool allows any properly authorized operator toprovide the missing data. If the operator determines that the missingdata is unavailable, the operator can attach a comment to the productand request supervised release. The Content Provider(s) 101 may require,for quality assurance reasons, that the product undergo supervisedrelease. Once all the required data is present, and if supervisedrelease has not been requested, then the product is available forpacking into a Metadata SC(s) 620.

[0690] 3. Usage Conditions Tool

[0691] The Usage Conditions Tool provides a user the ability toimplement the Usage Conditions Process 805 described above. The processof offering Content 113 for sale or rent (limited use), using electronicdelivery, involves a series of business decisions. The ContentProvider(s) 101 decides at which compression level(s) the Content 113 ismade available. Then for each compressed encoded version of the Content113, one or more usage conditions are specified. Each usage conditiondefines the rights of the End-User(s), and any restrictions on theEnd-User(s), with regard to the use of the Content 113.

[0692] As part of Content Processing Tools 155, a set of usageconditions (End-User(s) rights and restrictions) is attached to theproduct.

[0693] A usage condition defines:

[0694] 1. the compression encoded version of the Content 113 to whichthis usage condition applies.

[0695] 2. the type of user covered by this usage condition (e.g.,business, private consumer)

[0696] 3. whether this usage condition allows for the purchase or therental of the Content 113.

[0697] For a rental transaction:

[0698] the measurement unit which is used to limit the term of therental (e.g., days, plays).

[0699] the number of the above units after which the Content 113 will nolonger play.

[0700] For a purchase transaction:

[0701] the number of playable copies the End-User(s) is allowed to make.

[0702] onto what kinds of media can he/she make those copies (e.g.,CD-Recordable (CD-R), MiniDisc, Personal Computer).

[0703] 4. the period of time during which the purchase/rentaltransaction is allowed to occur (i.e., an End-User(s) can purchase/rentunder the terms of this usage condition only after the beginningavailability date and before the last date of availability).

[0704] 5. the countries from which an End-User(s) can transact thispurchase (or rental).

[0705] 6. the price of the purchase/rental transaction under this usagecondition

[0706] 7. the watermarking parameters.

[0707] 8. the types of events which require notification of theClearinghouse(s) 105.

[0708] An Example of a Set of Usage Conditions

[0709] The Content Provider(s) 101 may decide to test the North Americanmarket's acceptance to the re-release of the children's song by apopular children's vocalist during the fourth quarter 1997. The testwill make the song available in two different compression encodingversions: 384 Kbps and 56 Kbps. The 384 Kbps version can be bought (andone copy made onto MiniDisc) or rented (for two weeks), while the 56Kbps version can only be bought (and no copies made). The watermarkinginstructions is the same for any purchase/rental, and the ContentProvider(s) 101 wants the Clearinghouse(s) 105 to count every copy made.This would create Usage Conditions as follows: Usage Usage UsageCondition 1 Condition 2 Condition 3 compressed 384K bps 384K bps 56K bpsencoded version type of user private consumer private consumer privateconsumer type of purchase rental purchase transaction availability 1 Oct1997-31 1 Oct 1997-31 1 Oct 1997-31 dates Dec 1997 Dec 1997 Dec 1997countries USA and Canada USA and Canada USA and Canada watermarking std.std. std. notifying copy action none none events number of 1 0 0 copiesonto what MiniDisc not applicable not applicable media term of rentalnot applicable 14 days not applicable price Price 1 Price 2 Price 3

[0710] 4. Parts of the Metadata SC(s) 620

[0711] Below are some of the kinds of data that the MetadataAssimilation and Entry Tool 161 gathers for inclusion into the MetadataSC(s) 620. An attempt has been made to group the data into SC(s) partsby function and destination. product ID [src:content provider;] [dest:everybody;] licensor label company [dest: EMS; end-user;] licensee labelcompany [dest: EMS; end-user;] source(publisher) of this object [dest:everybody;] (sublicense label company) type of object (i.e., a singleobject or an array of objects) object ID [dest: everybody;]International Standard Recording Code (ISRC) International StandardMusic Number (ISMN)

[0712] product ID [src:content provider;]

[0713] [dest: everybody;]

[0714] licensor label company [dest: EMS; end-user;]

[0715] licensee label company [dest: EMS; end-user;]

[0716] source (publisher) of this object (sublicensee label company)[dest: everybody;]

[0717] type of object (i.e., a single object or an array of objects)

[0718] object ID [dest: everybody;]

[0719] International Standard Recording Code (ISRC)

[0720] International Standard Music Number (ISMN)

[0721] usage conditions(src: content provider; dest: EMS, end-user,Clearinghouse(s) 105)

[0722] purchased usage conditions (src: EMS; dest: end-user,Clearinghouse(s) 105)

[0723] the set of usage conditions (consumer restrictions and rights)for the use of the object (sound recording)

[0724] an individual entry in the array of usage conditions

[0725] the compression encoded version of the Content 113 to which thisusage condition applies

[0726] whether this usage condition allows for the purchase or therental of the Content 113

[0727] for a rental transaction:

[0728] the measurement unit which is used to limit the term of therental (e.g., days, plays).

[0729] the number of the above units after which the Content 113 will nolonger play.

[0730] for a purchase transaction:

[0731] the number of playable copies the End-User(s) is allowed to make.

[0732] onto what kinds of media can (s)he make those copies (e.g.,CD-Recordable (CD-R), MiniDisc, personal computer).

[0733] the period of time during which the purchase/rental transactionis allowed to occur (i.e., an End-User(s) can purchase/rent under theterms of this usage condition only after the beginning availability dateand before the last date of availability)

[0734] a pointer to the countries from which an End-User(s) can transactthis purchase (or rental)

[0735] the price of the purchase/rental transaction under this usagecondition

[0736] a pointer to the encrypted watermarking instructions andparameters

[0737] a pointer to the types of events which require notification ofthe Clearinghouse(s) 105

[0738] purchase data (encrypted; optional info; src: EMS; dest:end-user, Clearinghouse(s) 105)

[0739] purchase date

[0740] purchase price

[0741] bill to name and address

[0742] consumer name and address

[0743] country of the consumer (best guess)

[0744] metadata 1 (src: content provider; dest: EMS, end-user)

[0745] an array of {

[0746] copyright information

[0747] for the composition

[0748] for the sound recording

[0749] title of song

[0750] principal artist(s)

[0751] }

[0752] a pointer to {

[0753] the artwork (e.g., album cover);

[0754] the format of the artwork (e.g., GIF, JPEG);

[0755] }

[0756] optional info:

[0757] an array of additional information {

[0758] composer

[0759] publisher

[0760] producer

[0761] sidemen

[0762] date of recording

[0763] date of release

[0764] lyrics

[0765] track name (description)/track length

[0766] list of albums on which this recording appears

[0767] genre(s)

[0768] }

[0769] metadata 2 (src: content provider; dest: EMS)

[0770] an array of structures, each representing different qualitylevels of the same sound recording {

[0771] the sound recording;

[0772] the quality level of the sound recording;

[0773] the size (in bytes) of the (probably compressed) sound recording;

[0774] }

[0775] metadata 3 (src: content provider; dest: EMS, end-user)

[0776] optional info:

[0777] promotional material:

[0778] a pointer to artist promotion material {

[0779] a URL to the artist's web site;

[0780] background description(s) of the artist(s);

[0781] artist-related interviews (along with format of the interview(e.g., text, audio, video));

[0782] reviews (along with format of the reviews (e.g., text, audio,video));

[0783] sample clips (and its format and compression level);

[0784] recent and upcoming concerts/appearances/events—their dates andlocations;

[0785] }

[0786] a pointer to album promotion material {

[0787] sample clip (and its format and compression level);

[0788] background description(s) of the producer, and/or the composer,and/or the movie/play/cast, and/or the making of the album, etc.;

[0789] non-artist-related interviews (along with format of the interview(e.g., text, audio, video));

[0790] reviews (along with format of the reviews (e.g., text, audio,video));

[0791] genre(s);

[0792] }

[0793] single promotions:

[0794] sample clip (and its format and compression level)

[0795] background description(s) of the producer, and/or the composer,and/or the movie/play/cast, and/or the making of the single, etc.

[0796] reviews (along with format of the reviews (e.g., text, audio,video))

[0797] 5. Supervised Release Tool

[0798] Supervised Release Tool provides a user the ability to implementthe Supervised Release Process 806 described above. An individualdesignated by the Content Provider(s) 101 as having supervised releaseauthority, may call up a product awaiting supervised release (i.e., aproduct on the queue of the Supervised Release Process 806), examine itsContents 113 and its accompanying comments, and either

[0799] approve its Contents 113 and release the product for packing intoa Metadata SC(s) 620, or

[0800] make any necessary corrections and release the product forpacking into a Metadata SC(s) 620 or

[0801] add a comment specifying the corrective action to take andresubmit the product to the Manual Metadata Entry Process 704

[0802] In another embodiment, after the creation of the SC(s), there isanother optional quality assurance step where the Content 113 of theSC(s) can be opened and examined for completeness and accuracy, and, atthat time, final approval can be given or denied for the product'srelease to the retail channel.

[0803] D. Content Processing Tools

[0804] The Content Processing Tools 155 is actually a collection ofsoftware tools which are used to process the digital content file tocreate watermarked, encoded, and encrypted copies of the content.

[0805] The tools makes use of industry standard digital contentprocessing tools to allow pluggable replacement of watermarking,encoding and encryption technologies as they evolve. If the selectedindustry tool can be loaded via a command line system call interface andpassed parameters or provides a toolkit wherein functions can be calledvia a DLL interface, the content processing can be automated to somedegree. A front end application to each tool queries the appropriatequeue in the Content Processing Tools 155 for the next available job,retrieves the required files and parameters and then loads the industrystandard content processing tool to perform the required function. Uponcompletion of the task, manual update to the queue may be required ifthe tool does not report terminating status.

[0806] A generic version of the Content Processing Tools 155 isdescribed, but customization is possible. The Content Processing Tools155 can be written in Java, C/C++ or any equivalent software. TheContent Processing Tools 155 can be delivered by any computer readablemeans including diskettes, CDS or via a Web site.

[0807] 1. Watermarking Tool

[0808] The Watermarking Tool provides a user the ability to implementthe Watermarking Process 808 as described above. This tool appliescopyright information of the Content 113 owner to the song file usingaudio Watermarking technology. The actual information to be written outis determined by the Content Provider(s) 101 and the specificwatermarking technology selected. This information is available to thefront end Watermarking Tool so that it can properly pass thisinformation to the watermarking function. This imposes a synchronizationrequirement on the Metadata Assimilation and Entry Tool 161 to assurethat it has acquired this information prior to, for example, allowingthe song's audio file to be processed. This song will not be availablefor audio processing until the watermarking information has beenobtained.

[0809] The watermark is applied as the first step in audio processingsince it is common to all encodings of the song created. As long as thewatermark can survive the encoding technology, the watermarking processneed only occur once per song.

[0810] Various watermarking technologies are known and commerciallyavailable. The front end Watermarking Tool though is capable ofsupporting a variety of industry Watermarking Tools.

[0811] 2. Preprocessing and Compression Tool

[0812] The Preprocessing and Compression Tool provides a user theability to implement the Preprocessing and Compression Process 809 asdescribed above. Audio encoding involves two processes. Encoding isbasically the application of a lossy compression algorithm against, fora music content example, a PCM audio stream. The encoder can usually betuned to generate various playback bit stream rates based on the levelof audio quality required. Higher quality results in larger file sizesand since the file sizes can become quite large for high quality Content113, download times for high quality Content 113 can become lengthy andsometimes prohibitive on standard 28,800 bps modems.

[0813] The Content Provider(s) 101 may, therefore, choose to offer avariety of digital content qualities for download to appease both theimpatient and low bandwidth customers who don t want to wait hours for adownload and the audiophile or high bandwidth customers who either onlybuys high quality Content 113 or has a higher speed connection.

[0814] Compression algorithms vary in their techniques to generate lowerbit rate reproductions of Content 113. The techniques vary both byalgorithm (i.e. MPEG, AC3, ATRAC) and by levels of compression. Toachieve higher levels of compression, typically the data is re-sampledat lower sampling rates prior to being delivered to the compressionalgorithm. To allow for more efficient compression with less loss offidelity or to prevent drastic dropout of some frequency ranges, thedigital content may sometimes require adjustments to equalization levelsof certain frequencies or adjustments to the dynamics of the recording.The content preprocessing requirements are directly related to thecompression algorithm and the level of compression required. In somecases, the style of Content 113 (e.g. musical genre) can be successfullyused as abase for determining preprocessing requirements since songsfrom the same genre typically have similar dynamics. With somecompression tools, these preprocessing functions are part of theencoding process. With others, the desired preprocessing is performedprior to the compression.

[0815] Besides the downloadable audio file for sale, each song also hasa Low Bit Rate (LBR) encoded clip to allow the song to be sampled via aLBR streaming protocol. This LBR encoding is also the responsibility ofthe Content Processing Tools 155. This clip is either provided by theContent Provider(s) 101 as a separate PCM file or as parameters ofoffset and length.

[0816] As with watermarking, it is hoped that the encoding tools can beloaded via a DLL or command line system call interface and passed allthe required parameters for preprocessing and compression. The front endEncoding Tool may have a synchronization requirement with the MetadataAssimilation and Entry Tool 161, for example if the content is music,and if it is determined that the song's genre is acquired from theDatabase 160 of the Content Provider(s) prior to performing any audiopreprocessing. This depends on the encoding tools selected and howindeterminate the genre for the song is. If the Content Provider(s) 101varies the choice of encoded quality levels per song, this informationis also be provided prior to the encoding step and agrees with themetadata being generated by the Metadata Assimilation and Entry Tool161.

[0817] A variety of high quality encoding algorithms and tools are knowntoday. The front end Encoding Tool though is capable of supporting avariety of industry encoding tools.

[0818] Turning now to FIG. 12 is shown a flow diagram of one embodimentfor the Automatic Metadata Acquisition Tool of FIG. 8 according to thepresent invention. The process starts with reading an identifier fromthe media the Content Provider(s) 101 is examining. One example ofcontent in an audio CD embodiment. In an audio CD embodiment, thefollowing codes maybe available Universal Price Code (UPC),International Standard Recording Code (ISRC), International StandardMusic Number (ISMN). This identifier is read in the appropriate playerfor the content, for example an audio CD Player for audio CD, DVD playerfor DVD movie, DAT recorder for DAT recording and equivalent, step 1201.Next this Identifier is used to index a Database 160 for the ContentProvider(s) 101, step 1202. Some or all of the information required bythe Work Flow Manager Process as described in FIG. 8 is retrieved inDatabase 160 and any other related sources, step 1203. This informationcan include the Content 113 and the metadata related to it. In step1204, the additional information retrieved is used to start the WorkFlow Manager 154 for creating electronic Content 113. It should beunderstood, that several selections of media, such as several audio CDS,can be queued up so as to enable the Automatic Metadata Acquisition Toolto create a series of Content 113 for electronic distribution. Forexample, all the Content 113 could be created from a series of CDS oreven selected tracks from one or more CDS examined by the ContentProvider(s) 101.

[0819] In an alternate embodiment, the preprocessing parameters can beretrieve from the Database 160 of the Content Provider(s) automatically.Referring now to FIG. 13 is a flow diagram of a method to automaticallyset the Preprocessing and Compression parameters of the Preprocessingand Compression Tool of FIG. 8 according to the present invention. Inthis embodiment. the Content 113 is music. In step 1301, music (Content113) is selected to be encoded in Content Processing Tools 155. Thegenre of the music selected is determined, step 1302. This can beentered manually or by using other meta data available, such as theadditional data retrieved from the process described in FIG. 12. Theaudio compression level and audio compression algorithms selected arethan examined, step 1303. Next, a lookup is made by genre, compressionsettings and compression algorithms of what compression parametersshould be used in the Preprocessing and Compression Process 809, 1304.

[0820] 3. Content Quality Control Tool

[0821] The Content Quality Control Tool provides a user the ability toimplement the Content Quality Control Process 810 as described above.This is an optional Content Processing Tool and provides an opportunityfor a quality control technician to review the encoded and watermarkedcontent files and approve or reject the content files based on qualityjudgments. He can re-encode the content making manual preprocessingadjustments until the quality is adequate or can flag the song forreprocessing and attach a note describing the problem.

[0822] This process step can be configured by the Content Provider(s)101 as an optional or required step of the content processing work flow.An additional optional Final Quality Assurance Process 813 step isprovided after packaging of all the SC(s) for this content (e.g. eachSC(s) for songs on a CD) at which time the quality of the contentencoding can be tested but catching a problem early prior to encryptionand packaging allows for more efficient content processing. It is,therefore, highly desirable that the content quality be assured at thisstep as opposed to waiting until final completion of all processing.

[0823]4. Encryption Tool

[0824] The Encryption Tool provides a user the ability to implement theEncryption Process 811 as described above. Content encryption is thefinal step of the Content Processing Tools 155. Each of the versions ofthe content that were created by the Encoding Tool is now encrypted. Theencryption tool is a function of the SC(s) Packer. The SC(s) Packer iscalled to encrypt the song and returns the generated encryption keyused. This key is later passed into the SC(s) Packer for use in creationof the Metadata SC(s) 620.

[0825] E. Content SC(s) Creation Tool

[0826] Once all metadata has been gathered the Content SC(s) CreationTool groups the metadata into categories based on their intended use.These groups of metadata are written into files to be passed in to theSC(s) Packer Tool as Metadata parts for the Metadata SC(s) 620. Eachpart (file) has unique processing requirements. Once the associatedsongs have been processed and encrypted and the target destination (JRLof Content Hosting Site(s) 111) has been determined, the Content SC(s)630 for the Content 113 are ready to be created. The Content 113 whichhave completed processing and have met all the requirements describedabove, are queued for packing in the packer queue of the Work FlowManager 154.

[0827] The Content SC(s) Creation Tool now retrieves all the requiredfiles created by the previous steps of the Metadata Assimilation andEntry Tool 161 and calls the SC(s) Packer functions to create theMetadata SC(s) 620 and Content SC(s) 630. This process creates a singleMetadata SC(s) 620 and multiple Content SC(s) 630 for each song. Forexample, if the content is music, each of the audio files created duringaudio processing for the various quality levels of the full song ispacked into separate Content SC(s) 630. The audio file created for thesample clip is passed as a metadata file to be included in the MetadataSC(s) 620.

[0828] F. Final Quality Assurance Tool

[0829] The Final Quality Assurance Tool provides a user the ability toimplement the Final Quality Assurance Process 813 as described above.Once all the SC(s) have been built for a content file, the content isavailable for a final quality assurance check. Quality assurance can beperformed at various stages of the Content 113 preparation process. TheContent Provider(s) 101 can choose to perform quality assurance as eachmajor step is completed to prevent excessive rework later or may chooseto wait until all audio preparation processes are complete and performquality assurance on everything at once. If the latter is chosen,quality assurance is performed at this point upon completion of thecreation of the SC(s). This tool allows each SC(s) for the song to beopened, examined, and the audio played.

[0830] Any problem discovered, even minor text changes requires that theSC(s) be rebuilt due to internal security features of SC(s). To avoidunnecessary re-processing time, it is highly recommended that theinterim quality assurance steps be utilized to assure accuracy of themetadata and that this specific quality assurance step be reserved forvalidating appropriate cross references between the SC(s) associatedwith this song. If problems are found, the assurer can enter a problemdescription to be attached to the song and have it re-queued to theappropriate processing queue for reprocessing. Status is updatedappropriately in the Work Flow Manager 154 to indicate the status of allrelated components of the song. If no problems are discovered, theContent 113 is marked or flagged as ready for release.

[0831] G. Content Dispersement Tool

[0832] The Content Dispersement Tool provides a user the ability toimplement the Content Dispersement Process 814 as described above. Oncethe Content 113 has been approved for release, the SC(s) for the Content113 are placed in the queue of the Content Dispersement Process. TheContent Dispersement Tool monitors the queue and performs immediatetransfer of the SC(s) files or batch transfer of a group of SC(s) filesbased on the configuration settings provided by the Content Provider(s)101. The Content Provider(s) 101 can also optionally configure theContent Dispersement Tool to automatically hold all SC(s) in this queueuntil they are manually flagged for release. This allows the ContentProvider(s) 101 to prepare content in advance of their scheduled releasedate and hold them until they wish to release them e.g., anew song,movie or game. The SC(s) can also control access to Content 113 based ona defined release date so there is no requirement for the ContentProvider(s) 101 to actually hold up delivery of the SC(s) but thismanual release option can still be used for this purpose or used tomanage network bandwidth required to transfer these large files.

[0833] When flagged for release, the Content SC(s) 630 for the Content113 are transferred via FTP to the designated Content Hosting Site(s)111. The Metadata SC(s) 620 is transferred via FTP to the ContentPromotions Web Site 156. Here the SC(s) are staged to anew Content 113directory until they can be processed and integrated into the ContentPromotions Web Site 156.

[0834]FIG. 17 is a flow diagram of an alternate embodiment toautomatically retrieve additional information for the Automatic MetadataAcquisition Tool of FIG. 8 according to the present invention. Theprocess is similar for that described in FIG. 8 above. However, thequality checks of Supervised Release 806 and Content Quality Control 809are combined into one quality check called Quality Control 1704.Performing quality checks prior to Metadata SC Creation 807 and ContentSC Creation 812. Performing quality check prior to SC creation,eliminates the steps of unpacking the Content 113 and the associatedMetadata SC(s) 620. In addition, in this embodiment, the queue ofProducts Awaiting Action/Information 801 have been eliminated. The jobsare placed on the specific process queues depending on what action isbeing requested. For example, if the job requires Manual Metadata, i.e.additional Metadata to be entered, the job is place on the ManualMetadata entry queue. Also the Automatic Metadata Acquisition 803 hasbeen merged with New Content Request to occur up front prior to theMetadata Assimilation and Entry Tool 161 and the Content Processing Tool155. Finally, it is important to point out that the Usage Conditions 804are entered both at the Automatic Metadata Acquisition 803 and duringthe Manual Metadata Entry 803. Since, many of the usage conditions canbe automatically filled-in during the Automatic Metadata Acquisition 803step.

[0835] H. Content Promotions Web Site

[0836] To most effectively disperse information on what the ContentProvider(s) 101 is making available for sale via digital download, andto get the necessary files to the Electronic Digital Content Store(s)103 to enable it to make this Content 113 available for download to itscustomers, each Content Provider(s) 101 should have a secure web sitehousing this information. This is similar to the method used today bysome Content Provider(s) 101 to make promotional content available totheir retailers and others with a need for this information. In the casewhere this type of service already exists, an additional section can beadded to the web site where Electronic Digital Content Store(s) 103 cango to see a list of the content available for sale via download.

[0837] The Content Provider(s) 101 has complete control over the designand layout of this site or can choose to use a turnkey web serversolution provided as part of the toolkit for Secure Digital ContentElectronic Distribution System 100. To implement their own design forthis service, the Content Provider(s) 101 need only provide links to theMetadata SC(s) 620 for Electronic Digital Content Store(s) 103 whoaccess their site. This is accomplished using the toolkit for the SecureDigital Content Electronic Distribution System 100. The selectionprocess and what information is shown is the discretion of the ContentProvider(s) 101.

[0838] Metadata SC(s) 620 received into a new content directory via FTPfrom the Content Dispersement Tool is processed by the ContentPromotions Web Site 156. These containers can be opened with the SC(s)Preview Tool to display or extract information from the container. Thisinformation can then be used to update HTML Web pages and/or addinformation to a searchable database maintained by this service. TheSC(s) Preview Tool is actually a subset of the Content Acquisition Toolused by the Electronic Digital Content Store(s) 103 to open and processMetadata SC(s) 620. See the Content Acquisition Tool section for moredetails. The Metadata SC(s) 620 file should then be moved to a permanentdirectory maintained by the Content Promotions Web Site 156.

[0839] Once the Metadata SC(s) 620 has been integrated into the ContentPromotions Web Site 156, its availability is publicized. The ContentProvider(s) 101 can send a notification to all subscribing ElectronicDigital Content Store(s) 103 as each new Metadata SC(s) 620 is added tothe site or can perform a single notification daily (or any definedperiodicity) of all Metadata SC(s) 620 added that day (or period). Thisnotification is performed via a standard HTTP exchange with theElectronic Digital Content Store(s) 103 Web Server by sending a definedCGI string containing parameters referencing the Metadata SC(s) 620added. This message is handled by the Notification Interface Module ofthe Electronic Digital Content Store(s) 103 which is described later.

[0840] I. Content Hosting

[0841] The Entertainment Industry produces thousands of content titles,such as CDS, movies and games every year, adding to the tens ofthousands of content titles that are currently available. The SecureDigital Content Electronic Distribution System 100 is designed tosupport all of the content titles available in stores today.

[0842] The numbers of content titles that the Secure Digital ContentElectronic Distribution System 100 may eventually download to customerson a daily basis is in the thousands or tens of thousands. For a largenumber of titles, this requires a large amount of bandwidth. Thecomputer disk space and bandwidth needs call for a distributed, scalableimplementation with multiple Content Hosting Site(s) 111. The systemalso supports customers all over the world. This requires overseas sitesto speed delivery to the global customers.

[0843] Content hosting on the Secure Digital Content ElectronicDistribution System 100 is designed to allow the Content Provider(s) 101to either host their own Content 113 or share a common facility or a setof facilities.

[0844] Content hosting on the Secure Digital Content ElectronicDistribution System 100 consists of multiple Content Hosting Site(s) 111that collectively contain all of the Content 113 offered by the SecureDigital Content Electronic Distribution System 100 and several SecondaryContent Sites (not shown) that contain the current hot hits offered bythe Content Provider(s) 101. The number of Content Hosting Site(s) 111changes depending on the number of End-User(s) using the system. TheSecondary Content sites host a limited number of songs, but they willrepresent a large percentage of the bandwidth used on the system. Thesecondary sites are brought on line as the volume on the primary sitesincreases to the point of maximum capacity. The secondary sites can belocated close to Network Access Points (NAPs) which helps speed updownload times. They may also be placed in different geographic areasaround the world to speed up download times.

[0845] Should the Content Provider(s) 101 choose to host all of theirContent 113 in their own system, they can act as a single ContentHosting Site 111 with or without additional Secondary Content Sites.This allows them to build their own scalable distributed system. Inanother embodiment, Electronic Digital Content Store(s) 103 can also actas Content Hosting Site(s) 111 for certain Content 113. This embodimentrequires a special financial agreement between the Electronic DigitalContent Store(s) 103 and the Content Provider(s) 101.

[0846] 1. Content Hosting Sites

[0847] Content 113 is added to the Content Hosting Site(s) 111 via FTPor HTTP by the Content Disbursement Tool described in the ContentProvider(s) Section of this specification or via offline means such ascontent delivery on tape, CD Rom, flash, or other computer readablemedia. The Metadata SC(s) 620 created by the Content Provider(s) 101contain a field that indicates the URL locating the Content SC(s) 630for this Content 113. This URL corresponds to a Content Hosting Site(s)111. Electronic Digital Content Store(s) 103 can override this URL ifallowed by the Content Provider(s) 101 in the Offer SC(s) 641. TheEnd-User Device(s) 109 communicates to this Content Hosting Site(s) 111when it wants to download the Content SC(s) 630.

[0848] The End-User Device(s) 109 initiates the request for a ContentSC(s) 630 by sending the License SC(s) 660 to the Content HostingSite(s) 111. This is the same License SC(s) 660 returned by theClearinghouse(s) 105. The Digital Signature of the License SC(s) 660 canbe verified to determine if it is a valid License SC(s) 660. If it is avalid License SC(s) 660 either the download is initiated, or thedownload request may be redirected to another Content Hosting Site(s)111.

[0849] 2. Content Hosting Site(s) 111 provided by the Secure DigitalContent Electronic Distribution System 100

[0850] For the Secure Digital Content Electronic Distribution System 100the decision of which site should be used to download the Content 113 ismade by the primary content site that received the initial request for aContent SC(s) 630. This site uses the following information to make thisdecision:

[0851] Are there secondary content sites that host the Content 113requested? (The majority of Content 113 offered by the Secure DigitalContent Electronic Distribution System 100 is only located at primarysites);

[0852] Where is the End-User Device(s) 109 geographically located? (Thisinformation can be obtained from the End-User Device(s) 109 when therequest is initiated at the End-User Device(s) 109, this is passed up tothe Clearinghouse(s) 105 in the Order SC(s) 650;

[0853] Is the appropriate secondary site up and operational? (Sometimesthe secondary sites maybe off-line);

[0854] What is the load of the secondary sites? (In some cases where asecondary site is swamped with activity another site that is less busymay be selected.

[0855] Before transmitting the Content SC(s) 630 to the End-UserDevice(s) 109, analysis and verifications are performed on theEnd-User's request. A database is kept of all of the License SC IDs thathave been used to download Content 113. This database can be checked toensure that the End-User Device(s) 109 only makes one request for eachpiece of Content 113 purchased. This prevents malicious users fromrepeatedly accessing the Content Hosting Site(s) 111 in hopes of slowingdown the Content Hosting Site(s) 111 and prevents unauthorized downloadof the Content SC(s) 630.

[0856] The promotion and demotion of Content 113 to the SecondaryContent sites is done periodically based on customer demand for theindividual pieces of Content 113.

[0857] Content Hosting Router

[0858] The Content Hosting Router (not shown) resides in the ContentHosting Site(s) 111 and receives all requests from End-User(s) wantingto download Content 113. It performs validation checks on theEnd-User(s) request to ensure they indeed bought the Content 113. Adatabase is maintained on the status of the Secondary Content Sites thatincludes what Content 113 is on them and their current status. Thiscurrent status includes the amount of activity on the sites and whethera site is down for maintenance.

[0859] The only interface to the Content Hosting Router is the LicenseSC(s) 660 that is sent by the End-User Device(s) 109 when Content 113 isrequired to be downloaded. The License SC(s) 660 includes informationthat indicates the user is allowed to download the Content 113.

[0860] Secondary Content Sites

[0861] The Secondary Content Sites (not shown) host the popular Content113 of the Secure Digital Content Distribution System 100. These sitesare geographically dispersed across the world and are located nearNetwork Access Points (NAPs) to improve download times. These sites areadded to the system as demand on the primary Content Hosting Site(s) 111nears maximum capacity

[0862] IX. Electronic Digital Content Store(s)

[0863] A. Overview—Support for Multiple Electronic Digital ContentStore(s) 103

[0864] Electronic Digital Content Store(s) 103 are essentially theretailers. They are the entities who market the Content 113 to bedistributed to the customer. For distribution of Content 113, this wouldinclude Digital Content Retailing Web Sites, Digital Content RetailStores, or any business who wishes to get involved in marketingelectronic Content 113 to consumers. These businesses can market thesale of electronic Content 113 only or can choose to just add the saleof electronic goods to whatever other merchandise they currently offerfor sale. Introduction of down loadable electronic goods into theservice offering of the Electronic Digital Content Store(s) 103 isaccomplished via a set of tools developed for the Electronic DigitalContent Store(s) 103 as part of the Secure Digital Content ElectronicDistribution System 100.

[0865] These tools are used by the Electronic Digital Content Store(s)103 to:

[0866] acquire the Metadata SC(s) 620 packaged by the ContentProvider(s) 101

[0867] extract Content 113 from these SC(s) to be used as input tobuilding their service offering

[0868] create Offer SC(s) 641 describing the downloadable Content 113they are offering for sale

[0869] handle the acknowledgment of the sale and initiation of thedownload by creating and sending Transaction SC(s) 640 to the End-UserDevice(s) 109

[0870] manage a transaction log of sales of downloadable Content 113 andthe status of each download

[0871] handle status notifications and transaction authenticationrequests

[0872] perform account reconciliation

[0873] The tools are designed to allow flexibility in how the ElectronicDigital Content Store(s) 103 wishes to integrate sale of downloadableelectronic Content 113 into its service. The tools can be used in suchaway as to request that all financial settlements for downloadableContent 113 purchased be handled by the Clearinghouse(s) 105 althoughthis is not required. These tools also enable Electronic Digital ContentStore(s) 103 to completely service their customers and handle thefinancial transactions themselves, including providing promotions andspecial offers. The tools enable the Electronic Digital Content Store(s)103 to quickly integrate the sale of downloadable Content 113 into itsexisting services. In addition, the Electronic Digital Content Store(s)103 is not required to host the downloadable Content 113 and does nothave to manage its dispersement. This function is performed by theContent Hosting Site(s) 111 selected by the Content Provider(s) 101.

[0874] The tools for the Electronic Digital Content Stores(s) 103 areimplemented in Java in the preferred embodiment but other programminglanguages such as C/C++, Assembler and equivalent can be used. It shouldbe understood that the tools described below for the Electronic DigitalContent Stores(s) 103 can run on a variety of hardware and softwareplatforms. The Electronic Digital Content Stores(s) 103 as a completesystem or as any ofit's constitute components maybe distributed as anapplication program in a computer readable medium including but notlimited to electronic distribution such as the web or on floppydiskettes, CD ROMS and removable hard disk drives.

[0875] In another embodiment, the components of the Electronic DigitalContent Stores(s) 103 is part of a programmer's software toolkit. Thistoolkit enables predefined interfaces to the components of the genericElectronic Digital Content Stores(s) 103 components and tools discussedbelow. These predefined interfaces are in the form of APIs orApplication Programming Interfaces. A developer using these APIs canimplement any of the functionality of the components from a high levelapplication program. By providing APIs to these components, a programmercan quickly develop a customized Electronic Digital Content Stores(s)103 without the need to re-created these functions and resources of anyof these components.

[0876] Electronic Digital Content Store(s) 103 are not limited to Webbased service offerings. The tools provided are used by all ElectronicDigital Content Store(s) 103 wishing to sell downloadable electronicContent 113 regardless of the transmission infrastructure or deliverymode used to deliver this Content 113 to End-User(s). Broadcast servicesoffered over satellite and cable infrastructures also use these sametools to acquire, package, and track electronic Content 113 sales. Thepresentation of electronic merchandise for sale and the method in whichthese offers are delivered to the End-User(s) is the main variantbetween the broadcast based service offering and the point-to-pointinteractive web service type offering.

[0877] B. Point-to-Point Electronic Digital Content Distribution ServicePoint-to-Point primarily means a one-to-one interactive service betweenthe Electronic Digital Content Store(s) 103 and the End-User Device(s)109. This typically represents an Internet web based service providedvia telephone or cable modem connection. Networks other than theInternet are supported in this model as well, as long as they conform tothe Web Server/Client Browser model. FIG. 9 is a block diagramillustrating the major tools, components and processes of an ElectronicDigital Content Store(s) 103.

[0878] 1. Integration Requirements

[0879] The Secure Digital Content Electronic Distribution System 100 notonly creates new online businesses but provides a method for existingbusinesses to integrate the sale of downloadable electronic Content 113to their current inventory. The suite of tools provided to theElectronic Digital Content Store(s) 103 simplify this integrationeffort. The Content Acquisition Tool 171 and SC(s) Packer Tool 153provides a method for the Electronic Digital Content Store(s) 103 toacquire information from the participating Content Provider(s) 101 onwhat they have available for sale and to create the files required toreference these downloadable objects as items in their own inventory.This process is batch driven and can be largely automated and isexecuted only to integrate new Content 113 into the site.

[0880] The tools for the Secure Digital Content Electronic Distributionhave been designed to allow integration of sale of electronicdownloadable Content 113 into typical implementations of web basedElectronic Digital Content Store(s) 103 (i.e. Columbia House online,Music Boulevard, @Tower) and equivalent with minimal change to theircurrent Content 113 retailing paradigm. Several methods of integrationare possible and in the preferred embodiment, the Electronic DigitalContent Store(s) 103 provides support for all product searches,previews, selections (shopping cart), and purchases. Each ElectronicDigital Content Store(s) 103 establishes customer loyalty with itscustomers and continues to offer its own incentives and market itsproducts as it does today. In the Secure Digital Content ElectronicDistribution System 100, it would simply need to indicate which productsin its inventory are also available for electronic download and allowits customers to select the electronic download option when making apurchase selection. In another embodiment, the customer's shopping cartcould contain a mixture of electronic (Content 113) and physical mediaselections. After the customer checks out, and the Electronic DigitalContent Store(s) 103 has completed the financial settlement and loggedor notified its shipping and handling functions to process the physicalmerchandise purchased, the commerce handling function of the ElectronicDigital Content Store(s) 103 then calls the Transaction Processor Module175 to handle all electronic downloads. It simply passes the requiredinformation and all processing from that point on is handled by the toolset for the Secure Digital Content Electronic Distribution System 100.In another embodiment, other methods of transaction handling are alsopossible using tools for the Secure Digital Content ElectronicDistribution System 100 to handle the financial settlement should theElectronic Digital Content Store(s) 103 wish to sell downloadablemerchandise only or to segregate the financial settlement of physicaland downloadable merchandise.

[0881] To handle the downloading of merchandise, the Electronic DigitalContent Store(s) 103 is given a Product ID (not shown) for eachdownloadable product that it acquires from the Content Promotions WebSite 156 for the Content Provider(s) 101. This Product ID is associatedto a customer's purchase selection to the downloadable product. TheProduct ID is what the Electronic Digital Content Store(s) 103 passes tothe Transaction Processor Module 175 to identify the product that theuser has purchased. The SC(s) (Offer SC(s) 641) that were created todescribe the products, are isolated from the Electronic Digital ContentStore(s) 103 and kept in an Offer Database 181 in an effort to simplifymanagement of these objects and make their existence transparent to theElectronic Digital Content Store(s) 103.

[0882] The Transaction Processor Module 175 and other additionalfunctions are provided as web server side executables (i.e. CGI andNSAPI, ISAPI callable functions) or simply APIs into a DLL or C objectlibrary. These functions handle run time processing for End-User(s)interactions and optional interactions with the Clearinghouse(s) 105.These functions interact with the web server's commerce services tocreate and download to the End-User Device(s) 109 the files necessary toinitiate the Content 113 download process. They also handle optionalinteractions to provide authorizations and accept notifications ofcompletion of activities.

[0883] An Accounting Reconciliation Tool 179 is also provided to assistthe Electronic Digital Content Store(s) 103 in contacting theClearinghouse(s) 105 to reconcile accounts based on its own and thetransaction logs of the Clearinghouse(s) 105.

[0884] 2. Content Acquisition Tool 171

[0885] The Content Acquisition Tool 171 is responsible for interfacingwith the Content Promotions Web Site 156 to preview and downloadMetadata SC(s) 620. Since the Content Promotions site is a standard website, a web browser is used by the Electronic Digital Content Store(s)103 to navigate this site. The navigation features varies based on thesite design of the Content Provider(s) 101. Some sites may provideextensive search capabilities with many screens of promotionalinformation. Others may have a simple browser interface with lists oftitles, performers or new releases to select from. All sites include theselection of Metadata SC(s) 620 containing all the promotional anddescriptive information of a song or album.

[0886] Alternatively, the Electronic Store(s) 103 may subscribe tocontent updates and receive updates automatically via FTP.

[0887] Viewing Metadata

[0888] The Content Acquisition Tool 171 is a web browser helperapplication which launches whenever a Metadata SC(s) 620 link isselected at the Content Promotions Web Site 156. Selection of the SC(s)causes it to be downloaded to the Electronic Digital Content Store(s)103, and launch the helper application. The Content Acquisition Tool 171opens the Metadata S C(s) 620 and display the non-encrypted informationcontained therein. Displayed information includes Extracted Metadata173, for a music example, the graphic image(s) associated with the songand the information describing the song, a preview clip of the song canalso be listened to if included in the Metadata SC(s) 620. In an examplewhere the Content 113 is music, promotional information about the songor album, the album title, and the artist is also shown if provided bythe Content Provider(s) 101. This information is displayed as a seriesof linked HTML pages in the browser window. Purchasable Content 113 suchas the song and the lyrics and whatever other metadata the ContentProvider(s) 101 wishes to protect, is not accessible to the RetailContent Web Site 180.

[0889] In another embodiment, the Content Provider(s) 101 providesoptional promotional content for a fee. In this embodiment suchpromotional content is encrypted in the Metadata SC(s) 620. Financialsettlement to open this data can be handled via the Clearinghouse(s) 105with the account for the Electronic Digital Content Store(s) 103 beingcharged the designated fee.

[0890] Extracting Metadata

[0891] Besides the preview capabilities, this tool provides twoadditional features: metadata extraction and preparation of an OfferSC(s) 641. Selection of the metadata extraction option prompts theElectronic Digital Content Store(s) 103 to enter the path and filenamesto where the metadata is to be stored. Binary metadata such as graphicsand the audio preview clip is stored as separate files. Text metadata isstored in an ASCII delimited text file which the Retail Content Web Site180 can then import into its database. A table describing the layout ofthe ASCII delimited file is also be created in a separate TOC file.Additional options is available to allow extraction into other NationalLanguage Support (NLS) supported formats.

[0892] One important piece of information provided in the extracted datais the Product ID. This Product ID is what the commerce handlingfunction for the Electronic Digital Content Store(s) 103 needs toidentify to the Transaction Processor Module 175 (for more informationrefer to Transaction Processing section), the Content 113 that the userhas purchased. The Transaction Processor Module 175 uses this Product IDto properly retrieve the appropriate Offer SC(s) 641 from the OfferDatabase 181 for subsequent download to the End-User Device(s) 109. TheElectronic Digital Content Store(s) 103 has full control over how itpresents the offer of downloadable Content 113 on its site. It onlyneeds to retain a cross reference of the Content 113 being offered tothis Product ID to properly interface with the tools for the SecureDigital Content Electronic Distribution System 100. Providing thisinformation here, allows the Electronic Digital Content Store(s) 103 tointegrate this product or Content 113 into its inventory and sales pages(database) in parallel with the Offer SC(s) 641 creation process sinceboth processes uses the same Product ID to reference the product. Thisis described further below.

[0893] Offer SC(s) Creation Packer 153

[0894] The Electronic Digital Content Store(s) 103 is required to createan Offer SC(s) 641 describing the downloadable Content 113 that is forsale. Most of the information that goes into the Offer SC(s) 641 isderived from the Metadata SC(s) 620. The Content Acquisition Tool 171creates the Offer SC(s) 641 by:

[0895] removing parts from the Metadata SC(s) 620 that are not requiredto be included in the Offer SC(s) 641 as defined by the Offer SC(s)Template in the Metadata SC(s) 620

[0896] adding additional required parts as defined by defaults specifiedby the configuration options in this tool for the Electronic DigitalContent Store(s) 103

[0897] prompting for additional required inputs or selections as definedby the Offer SC(s) Template in the Metadata SC(s) 620

[0898] calling the SC(s) Packer 153 to pack this information into theSC(s) format

[0899] Metadata to be displayed by the Player Application 195 (furtherdescribed later) on the End-User Device(s) 109 is kept in the MetadataSC(s) 620. Other promotional metadata that was only used by theElectronic Digital Content Store(s) 103 as input to his web servicedatabase is removed from the Metadata SC(s) 620. Rights managementinformation provided by the Content Provider(s) 101, such aswatermarking instructions, encrypted Symmetric Keys 623, and UsageConditions 517 defining the permitted uses of the object, are alsoretained.

[0900] This stripped down Metadata SC(s) 620 is then included in theOffer SC(s) 641. The Electronic Digital Content Store(s) 103 alsoattaches its own Usage Conditions called Store Usage Conditions 519 orpurchase options to the Offer SC(s) 641. This can be accomplishedinteractively or automatically through a set of defaults. If configuredto be processed interactively, the Electronic Digital Content Store(s)103 is prompted with the set of permitted object Usage Conditions 517 asdefined by the Content Provider(s) 101. He then selects the option(s) hewishes to offer to his customers. These now become the new UsageConditions or Store Usage Conditions 519. To process automatically, theElectronic Digital Content Store(s) 103 configures a set of defaultpurchase options to be offered for all Content 113. These defaultoptions are automatically checked against the permitted Usage Conditions517 defined by the Content Provider(s) 101 and is set in the Offer SC(s)641 if there are no discrepancies.

[0901] Once the Offer SC(s) 641 is created, it is stored in an OfferDatabase 181 and is indexed with the Product ID pre-assigned in theMetadata SC(s) 620. This Product ID is used later by the ElectronicDigital Content Store(s) 103 to identify the downloadable Content 113being purchased by a customer when interfacing with the Offer Database181 to retrieve the Offer SC(s) 641 for packaging and transmittal to theEnd-User(s). See the Transaction Processor Module 175 section for moredetails.

[0902] In another embodiment, the Electronic Digital Content Store(s)103 hosts the Content SC(s) 641 at his site. This embodiment requireschanges to the Offer SC(s) 641 such as the replacement of the URL of theContent Hosting Site(s) 111 with the URL of the Electronic DigitalContent Store(s) 103.

[0903] 3. Transaction Processing Module 175

[0904] Electronic Digital Content Store(s) 103 directs billing toClearinghouse(s) 105. Alternatively, the Electronic Digital ContentStore(s) 103 may request financial clearance direct from theClearinghouse(s) 105. There are two basic modes for processingEnd-User(s) purchase requests for downloadable Content 113. If theElectronic Digital Content Store(s) 103 does not wish to handle thefinancial settlement of the purchase and has no special promotions orincentives governing the sale of the merchandise and does not use ashopping cart metaphor for batching the purchase requests, it may opt toprovide links on its Content 113 download pages directly to the OfferSC(s) 641 files. These Offer SC(s) 641 would have to have been builtwith retail pricing information included in the metadata. Also includedin the Offer SC(s) 641 is a special HTML offer page presenting thepurchase options with terms and conditions of the sale. This page isbuilt from a template created when the Offer SC(s) 641 was built. Whenthe End-User(s) clicks on the direct link to the Offer SC(s) 641, theOffer SC(s) 641 is downloaded to the browser End-User Device(s) 109launching a helper application which opens the container and present theoffer page included in the Offer SC(s) 641. This page contains a form tocollect customer information including credit card information andpurchase option selection. The form then gets submitted directly to theClearinghouse(s) 105 for financial settlement and processing.Optionally, this form may contain the fields needed to use theEnd-User(s)' credit information or industry standard local transactionhandler.

[0905] An embodiment where the Electronic Digital Content Store(s) 103handles billing is now described. The more typical mode of handlingpurchase requests is to allow the Electronic Digital Content Store(s)103 to process the financial settlement and then submit the downloadauthorization to the End-User(s). This method allows the ElectronicDigital Content Store(s) 103 to integrate sale of downloadable Content113 with other merchandise offered for sale at his site, allows batchprocessing of purchase requests with only one consolidated charge to thecustomer (via a shopping cart metaphor) instead of individual chargesfor each download request, and allows the Electronic Digital ContentStore(s) 103 to directly track his customers buying patterns and offerspecial promotions and club options. In this environment, the offer ofdownloadable Content 113 is included in his shopping pages which getadded to a shopping cart when selected by the End-User(s) and getprocessed and financially settled as is done in the Electronic DigitalContent Store(s)' 103 current shopping model. Once the financialsettlement is completed, the commerce handling process of the ElectronicDigital Content Store(s) 100 then calls the Transaction Processor Module175 to complete the transaction.

[0906] Transaction Processor Module 175

[0907] The role of the Transaction Processor Module 175 is to puttogether the information needed by the End-User Device(s) 109 toinitiate and process the download of the Content 113 purchased. Thisinformation is packaged into a Transaction SC(s) 640 which is sent backto the End-User Device(s) 109 by the Web Server as the response to thepurchase submission. The Transaction Processor Module 175 requires threepieces of information from the commerce handling process of theElectronic Digital Content Store(s) 103: the Product IDs for the Content113 purchased, Transaction Data 642, and an HTML page or CGI URLacknowledging the purchase settlement.

[0908] The Product ID is the value provided to the Electronic DigitalContent Store(s) 103 in the Metadata SC(s) 620 associated to the Content113 just sold. This Product ID is used to retrieve the associated OfferSC(s) 641 from the Offer Database 181.

[0909] The Transaction Data 642 is a structure of information providedby the transaction processing function of the Electronic Digital ContentStore(s) 103 which is later used to correlate the Clearinghouse(s) 105processing with the financial settlement transaction performed by theElectronic Digital Content Store(s) 103 and to provide user identityinformation to be included in the watermark of the Content 113downloaded to the End-User Device(s) 109. When the Clearinghouse(s) 105receives a valid Order SC(s) 650, it logs a transaction indicating theContent 113 that was sold, which Electronic Digital Content Store(s) 103sold it and the associated Transaction Data 642 including the End-User'sName and a Transaction ID 535. The Transaction ID 535 provides areference to the financial settlement transaction. This information islater returned by the Clearinghouse(s) 105 to the Electronic DigitalContent Store(s) 103 for use in reconciling its accounts with thebilling statements received from the Content Provider(s) 101 (or hisagent). The Clearinghouse Transaction Log 178 can be used by the ContentProvider(s) 101 to determine what Content 113 of his has been sold andenables him to create a bill to each Electronic Digital Content Store(s)103 for royalties owed him. Other electronic means besides billing canalternatively be used to settle accounts between the Content Provider(s)101 and Electronic Digital Content Store(s) 103.

[0910] The information provided in the Transaction SC(s) 640 and thesecurity and integrity of the Transaction SC(s) 640 provide sufficientauthenticity to the Clearinghouse(s) 105 that the purchase transactionis valid and thus no further validation is required prior to the loggingof this sale by the Clearinghouse(s) 105. The Electronic Digital ContentStore(s) 103, however, has the option to request authentication beforeits accounts are charged (transaction logged at the Clearinghouse(s) 105indicating to the Content Provider(s) 101 that this Electronic DigitalContent Store(s) 103 has collected money for the sale of this Content113). This request for authentication/notification is indicated by aflag in the Transaction Data 642. In this scenario, the Clearinghouse(s)105 contacts the Electronic Digital Content Store(s) 103 and receiveauthorization from the Electronic Digital Content Store(s) 103 beforethe charge to his account and the release of the encryption Key 623. TheTransaction ID 535 is passed to the Electronic Digital Content Store(s)103 from the Clearinghouse(s) 105 as part of this authentication requestto enable the Electronic Digital Content Store(s) 103 to associate thisrequest to a prior transaction performed with the End-User(s). ThisTransaction ID 535 can be any unique value the Electronic DigitalContent Store(s) 103 wishes to use and is solely for its benefit.

[0911] The Transaction Data 642 also contains a customer name. This namecan be from the user name field of the purchase form filled out by theuser when making his purchase, or from information logged previouslyduring some user registration process with the Electronic DigitalContent Store(s) 103, or the official name obtained from credit cardinformation associated with the card used in this transaction. This nameis later included in the License Watermark 527.

[0912] The Transaction Data 642 also contains the Store Usage Conditions519 purchased by the End-User(s). This information is included in theLicense Watermark 527 and used by the End-User Device(s) 109 in Copy andPlay Control.

[0913] The final parameter required by the Transaction Processor Module175 is the HTML page or CGI URL acknowledging the purchase settlement.The purpose of this is to allow the Electronic Digital Content Store(s)103 to respond to the End-User(s) with an acknowledgment of thefinancial settlement and whatever other information he wishes to includein the response. This HTML page or CGI URL is included in theTransaction SC(s) 640 and is displayed in the browser window of theEnd-User Device(s) 109 when the Transaction SC(s) 640 is received andprocessed.

[0914] The Transaction SC(s) 640 is the HTTP response to the End-User(s)from the Electronic Digital Content Store(s) 103 after processing thepurchase submission. Sending a SC(s) as the direct HTTP response forcesthe automatic loading on the End-User Device(s) 109 of a SC(s) ProcessorHelper Application thus allowing automatic completion of the transactionwithout depending on further End-User(s) initiated actions. This processis described in more detail in the End-User Device(s) 109 and PlayerApplication 195 section later.

[0915] When the Transaction Processor Module 175 is called with therequired parameters, it builds a Transaction SC(s) 640 containing theTransaction Data 642, the transaction acknowledgment HTML page orreference URL other required security features of the SC(s), andretrieves and imbeds the Offer SC(s) 641 associated with the purchase.It also logs information about this transaction for later use by theNotification Interface Module 176 and the Account Reconciliation Tool179.

[0916] 4. Notification Interface Module 176

[0917] The Notification Interface Module 176 is a Web Server sideexecutable routine (CGI or function callable by NSAPI, ISAPI orequivalent). It handles optional requests and notifications from theClearinghouse(s) 105, the End-User Device(s) 109, the Content HostingSite(s) 111, and the Content Provider(s) 101. The events that theElectronic Digital Content Store(s) 103 can optionally requestnotification for are:

[0918] Notification from the Clearinghouse(s) 105 that the End-UserDevice(s) 109 requested an encryption Key 623 and the Clearinghouse(s)105 is releasing the encryption Key 623 for the specified Content 113.This notification can optionally be configured to require authenticationfrom the Electronic Digital Content Store(s) 103 prior to the encryptionKey 623 being sent to the End-User Device(s) 109.

[0919] Notification from the Content Hosting Site(s) 111 that theContent SC(s) 630 has been sent to the End-User Device(s) 109.

[0920] Notification from the End-User Device(s) 109 that the ContentSC(s) 630 and the License SC(s) 660 have been received and successfullyused to process the Content 113 or was found to be corrupt.

[0921] Notification from the Content Provider(s) 101 that new Content113 has been placed in the Content Promotions Web Site 156.

[0922] None of these notifications are a required step in the SecureDigital Content Electronic Distribution System flows 100 but areprovided as options to allow the Electronic Digital Content Store(s) 103the opportunity to close its records on the satisfaction of completionof the sale. It also provides information that maybe needed to handlecustomer service requests by letting the Electronic Digital ContentStore(s) 103 know what functions have transpired since financialsettlement of the transaction or what errors occurred during an attemptto complete the sale. Alternatively, much of this status can be obtainedfrom the Clearinghouse(s) 105 through the Customer Service Interface 184as needed.

[0923] Frequency of notification of new Content 113 available at theContent Promotions Web Site 156 is determined by the Content Provider(s)101. Notification may be provided as each new Metadata SC(s) 620 isadded or just daily with all new Metadata SC(s) 620 added that day.

[0924] All of these notifications result in entries being made to theTransaction Log 178. If the Electronic Digital Content Store(s) 103wishes to perform his own processing on these notifications, he canintercept the CGI call, perform his unique function and then optionallypass the request on to the Notification Interface Module 176.

[0925] 5. Account Reconciliation Tool 179

[0926] This Account Reconciliation Tool 179 contacts theClearinghouse(s) 105 to compare the Transaction Log 178 with the log ofthe Clearinghouse(s) 105. This is an optional process which is availableto help the Electronic Digital Content Store(s) 103 feel comfortablewith the accounting for the Secure Digital Content ElectronicDistribution System 100.

[0927] In another embodiment, this tool can be updated to provideelectronic funds transfers for automated periodic payments to theContent Provider(s) 101 and the Clearinghouse(s) 105. It can also bedesigned to automatically process payments upon reception of anelectronic bill from the Clearinghouse(s) 105 after reconciling the billagainst the Transaction Log 178.

[0928] C. Broadcast Electronic Digital Content Distribution Service

[0929] Broadcast primarily refers to a one to many transmission methodwhere there is no personal interaction between the End-User Device(s)109 and the Electronic Digital Content Store(s) 103 to customizeon-demand viewing and listening. This is typically provided over adigital satellite or cable infrastructure where the Content 113 ispreprogrammed so that all End-User Device(s) 109 receive the samestream.

[0930] A hybrid model can also be defined such that an ElectronicDigital Content Store(s) 103 provides a digital content serviceorganized in such a way that it can offer both a web distributioninterface via an Internet connection as well as a higher bandwidthsatellite or cable distribution interface via a broadcast service, witha great deal of commonality to the site design. If the IRD back channelserial interface were connected to the web, and the IRD supported webnavigation, the End-User(s) could navigate the digital content servicein the usual way via the back channel Internet interface, previewing andselecting Content 113 to purchase. The user can select high qualitydownloadable Content 113, purchase these selections, and receive therequired License SC(s) 660 all via an Internet connection and thenrequest delivery of the Content 113 (Content SC(s) 630) over the higherbandwidth broadcast interface. The Web service can indicate whichContent 113 would be available for download in this manner based on thebroadcast schedule or could build the broadcast streams based totally onpurchased Content 113. This method would allow a Web based digitalcontent service to contract with a broadcast facility to deliver highquality Content 113 to users equipped with the proper equipment making alimited number of specific Content 113 (e.g. songs or CDS) availabledaily in this manner and the entire catalog available for download inlower quality via the web interface.

[0931] Other broadcast models can be designed where there is no webinterface to the End-User Device(s) 109. In this model, promotionalcontent is packaged in specially formatted digital streams for broadcastdelivery to the End-User Device(s) 109 (i.e. IRD) where specialprocessing is performed to decode the streams and present theEnd-User(s) with the promotional content from which purchase selectionscan be made.

[0932] The actual purchase selections would still be initiated via backchannel communications from the End-User Device(s) 109 to theClearinghouse(s) 105 and would utilize SC(s) to perform all dataexchange. The toolset provided to the Electronic Digital ContentStore(s) 103 has been architected and developed in such a way that mostof the tools apply to both a point-to-point Internet service offering aswell as a broadcast satellite or cable offering. The tools used by aDigital Content Web Site Electronic Digital Content Store(s) 103 toacquire and manage Content 113 as well as prepare SC(s) is also used bya satellite based Electronic Digital Content Store(s) 103 to manage andprepare Content 113 for distribution on a broadcast infrastructure. TheSC(s) distributed over a Web service are the same as those distributedover a broadcast service.

[0933] X. End-user Device(s) 109

[0934] The applications in the End-User Device(s) 109 for the SecureDigital Content Electronic Distribution System 100 perform two mainfunctions: first the SC(s) processing and copy control; and secondplayback of encrypted Content 113. Whether the End-User Device(s) 109 isa Personal Computer or a specialized electronic consumer device, it hasto be capable of performing these base functions. The End-User Device(s)109 also provides a variety of additional features and functions likecreating play lists, managing the digital content library, displayinginformation and images during content playback, and recording toexternal media devices. These functions vary based on the services theseapplications are supporting and the type of devices the applications aredesigned for.

[0935] A. Overview

[0936] 1. Delivery Over Telecommunications Infrastructure

[0937] Referring now to FIG. 10, shown is the major components andprocesses and End-User Device(s) 109 Functional Flow. The applicationsdesigned to support a PC based web interface Content 113 serviceconsists of two executable software applications: the SC(s) Processor192 and the Player Application 195. The SC(s) Processor 192 is anexecutable application which is configured as a Helper Application intothe End-User(s) Web Browser 191 to handle SC(s) File/MIME Types. Thisapplication is launched by the Browser whenever SC(s) are received fromthe Electronic Digital Content Store(s) 103, the Clearinghouse(s) 105,and the Content Hosting Site(s) 111. It is responsible for performingall required processing of the SC(s) and eventually adding Content 113to the Digital Content Library 196 of the End-User(s).

[0938] The Player Application 195 is a stand alone executableapplication which the End-User(s) loads to perform Content 113 in hisDigital Content Library 196, manage his Digital Content Library 196 andcreate copies of the Content 113 if permitted. Both the PlayerApplication 195 and SC(s) Processor 192 applications can be written inJava, C/C++ or any equivalent software. In the preferred embodiment, theapplications can be downloaded from computer readable means such aswebsite. However, other delivery mechanisms are also possible such asbeing delivered on computer readable media such as diskettes or CDS.

[0939] The searching and browsing of Content 113 information, previewingof, for example, song clips, and selecting songs for purchase is allhandled via the End-User(s) Web Browser 191. Electronic Digital ContentStore(s) 103 provides the shopping experience in the same way that isoffered today by many Content 113 retailing web sites. The difference tothe End-User(s) over today's web based Content 113 shopping is that theymay now select downloadable Content 113 objects to be added to theirshopping cart. If the Electronic Digital Content Store(s) 103 has othermerchandise available for sale in addition to the downloadable objects,the End-User(s) may have a combination of physical and electronicdownloadable merchandise in his shopping cart. The Secure DigitalContent Electronic Distribution End-User Device(s) 109 are not involveduntil after the End-User(s) checks out and submits his final purchaseauthorization to the Electronic Digital Content Store(s) 103. Prior tothis point, all interaction is between the Web Server for the ElectronicDigital Content Store(s) 103 and the Browser 191 on the End-UserDevice(s) 109. This includes preview of sample Digital Content clips.Digital Content clips are not packaged into SC(s) but instead areintegrated into the web service of the Electronic Digital ContentStore(s) 103 as downloadable files or fed from a streaming server. Theformat of the Content 113 clip is not dictated by the systemarchitecture. In another embodiment, the Player Application 195 couldinteract directly with the Electronic Digital Content Store(s) 103 orClearinghouse(s) 105 or offline using a promotional CD.

[0940] 2. Delivery Over A Computer Readable Medium

[0941] In this alternate embodiment, instead of down loading Content 113or even the Player Application 195 itself over telecommunications linessuch as telephone lines, cable TV, direct TV, the Internet and otherwired and wireless communications infrastructure, in this embodiment acomputer readable medium is described. Computer readable medium includesfloppy diskettes, CDS, DVDS, Portable Flash Memory, ZipDrives™,removable hard disk drives and any other removable medium from which acomputer can read information. For simplicity, in this embodiment, thecomputer readable medium is a CD 1802 and the Content 113 is music. TheCD 1802 takes the place of the Content Hosting Sites 111 to permit themusic to be distributed over physical media rather than throughelectronic means such as broadband. The CD 1802 contains music samplesand multiple compressed and encrypted music tracks in a Content SC 630and the associated metadata about the Content 113. The sample tracks inthe audio session can be played back in a standard CD player. Whenmounted in an CD drive of the End User Device(s) 109 automaticallystarts a Web Browser 191 that allows an end-user to listen to the musicsamples and select one or more of the compressed and encrypted songs forpurchase.

[0942] The overall buying transaction process is the same as that useddescribed for the download of Content 113 from Content Hosting Site(s)111. The difference lies in that the encrypted Content 113 is notdownloaded from the Content Hosting Site(s) 111, but rather the Content113 is read in Content SC(s) 630 stored on CD 1802. Thus, the use of theCD 1802 eliminates the long download times over narrow-band Internet,and the need for a broadband Internet channel. As previously described,for the telecommunications distribution of Content 113, the end-userusing the End User Device(s) 109 access the encryption Key 623 to renderthe Content 113 by receiving a Transaction S C(s) 641 from theElectronic Digital Content Store(s) 103. In an alternative embodiment,the modified Transaction SC(s) 1832 is received from the ContentProvider(s) 101, or the Clearing House(s) 105 or any other third partysource for process purchase authorizations.

[0943] The number of compressed and encrypted songs that can fit onto CD1802 depends on the number and playing time of the music samples in theaudio session and on the compressed music data rate and the length ofeach song. For example, if about twenty (20) second music samples areallowed, then about four (4) musical works of 60-minute lengthcompressed at 256 kilobit/second or eight (8) of 60-minute length albumscompressed at 128 kilobit/second will fit onto CD 1802. If the computerreadable medium is a DVD instead of a CD 1802, the current DVDtechnology stores around 5 times the number of compressed musical worksover the CD media. Accordingly with current DVD technology it ispossible to store twenty (20) 60-minute musical works compressed at 256kilobits/second and forty (40) 60 minute albums compressed at 128kilobit/second.

[0944] One embodiment for the information stored on the CD 1802 is nowdescribed. The information also known as the as the promotional package1801 is broken down into two general areas known: (i) Content SessionArea 1804, in this example audio content; and (ii) Data Session 1806,which ties into the functionality of the Player Application 195.

[0945] Content Session Area 1804 includes:

[0946] An informational audio track 1808 with information about thecontent of the CD 1802 and the procedure to buy one of the includedcompressed song or songs.

[0947] About 20 30-second audio tracks 1820 of promotional music.

[0948] Data session 1806 includes:

[0949] Autorun.exe 1812 program that launches the data session in theEnd User Device(s) 109. If the autorun function in Microsoft Windows isenabled, the CD's autorun.exe 1812 is automatically launched. Otherwise,the End-User Device(s) 109 must manually launch the autorun.exe 1812. Areadme.txt file (not shown) in the CD 1802 has information to guide theend user when the autorun function is not available in this case. Aspart of its execution, the autorun.exe 1812 opens the first HTML page ofHTML pages 1816 on the CD 1802, which in turn launches the Web Browser191 and the Web Browser 191 automatically registers the logical driveidentifier from which the first HTML page was opened and uses it as thecurrent reference drive.

[0950] Autorun.ini 1814 file that points to the first HTML page of HTMLpages 1816 on CD 1802.

[0951] Readme.txt (not shown) file with instructions to guide theEnd-user to launch the autorun.exe 1812 program, if the autorun functionin Windows is not enabled. This text file also provides information onthe purpose of the CD 1802 and the process to purchase music.

[0952] Player Application Installation Package 1818 permits the end-userto install the Player Application 195 on the End User Device(s) 109.

[0953] Set of HTML pages 1816 support navigation of the ed-user toselect music and gather end-user's credit card information to send toElectronic Digital Content Store(s) 103.

[0954] Data set for each compressed album.

[0955] Content SC(s) 630 and associate metadata.

[0956] Offer SC(s) 641 points to the Content SC(s) 630 and track filesin the CD 1802. The Content SC(s) 630 and the track files are located inthe CD 1802 based on a fixed directory structure.

[0957] A modified Transaction SC(s) 1824 is similar to the TransactionSC(s) 640 in the telecommunications embodiment and the modifiedTransaction SC(s) 1824 contains identifiers pointing to the Offer SC(s)641 on the CD 1802, and the available Usage Conditions 519. The modifiedTransactions SC(s) 1824 maybe digitally signed with a Digital Signature624 of the Content Provider(s) 101.

[0958] Turning now to FIG. 19, is a flow diagram of the alternativeembodiment of FIG. 18 for acquiring rights to digital content, accordingto the present invention. The process begins with the end-user loadingthe CD 1802 into the End-User Device(s) 109, step 1902. The end-user canlisten to the information audio track and the music samples and othermultimedia promotional materials, step 1904. The end-user interacts withthe HTML pages read from the CD 1802, the end-user selects the musiche/she wants to buy and provides credit card information. The HTML pages1816 presents to the end-user the price and Usage Conditions 519 such asthose done in the Offer SC(s) 640 in the telecommunications embodiment.

[0959] Once the end-user selects the albums for purchase and providesthe credit card information, a browser script program running on WebBrowser 191 transfers a Notify SC(s) 1822 derived from the CD 1802 andtransferred to a payment site such as the Electronic Digital ContentStore(s) 103, step 1906. A secure connection, such as an SSL connection,is used between the End-User Device(s) 109 and the payment site is usedto protect the transfer of the credit card and selection informationagainst eavesdropping in the Internet.

[0960] After achieving payment authorization, a modified TransactionSC(s) 1824 is received by the Web Browser 191. This modified TransactionSC(s) 1824 is similar to the regular modified Transaction SC(s) 640, butit does not carry the Offer SC(s) 641 and includes the Notify SC(s)1822. That is, modified Transaction SC(s) 1824 carries Transaction Data642, the Notify SC(s) 1822 and the Usage Conditions 519 for the music,step 1908.

[0961] The Play Application 195 receives the Offer SC(s) 641 for theselected music from the CD 1802. The application then proceeds with theregular interaction with the Clearinghouse(s) 105 to acquire a LicenseSC(s) 660 for the selected Content 113 as describe above in FIG. 6 forthe telecommunications embodiment, step 1910.

[0962] After a License SC(s) 660 for the Content 113 is received, thePlayer Application 195 copies the corresponding Content SC(s) 630 fromthe CD 1802, and proceeds with the regular processing of those parts asdescribed in the telecommunications embodiment above for FIG. 6.

[0963] The content preparation for the CD 1802 is the same system andmethods as described in “Section VIII Content Provider” above. Butinstead of creating Content SC(s) 630 for distribution overtelecommunications networks, the Content SC(s) 630 and Offer SC(s) 640are written to the CD 1802. Included on the CD 1802 are the Notify SC(s)1822 for each song, Offer SC(s) for each song, and a set of HTML pages1816. The autorun.exe 1812, the autorun.ini 1814 and the End-UserApplication Installation Package 1818 may be included in the CD 1802.

[0964] The changes necessary in the Player Application 195 to supportboth the telecommunications embodiment of delivering Content 113 as wellas this computer readable medium distribution embodiment may include allthe components listed in “Section X. D The Player Application” below.This makes the compatible with both embodiment of delivery. in addition,the functions of the Player Application Installation Package 1818includes the software that:

[0965] Allows the end-user to select the albums that are included in theCD 1802.

[0966] Allows the end-user to point to the locations of the offer SC(s)641, the Content SC(s) 630. If the needed Offer SC(s) 641 are notavailable on CD 1802 then an HTML address is provided to an ElectronicDigital Content Store(s) 103.

[0967] Create the Notify SC(s) 1822 composed of identifiers for thecorresponding Offer SC(s) 641, the Digital Signature 641 and theavailable Usage Conditions 519.

[0968] Allows the creation of HTML pages that will guide the end-user inthe selection and purchase of music. The HTML page creation will bebased on page templates. The templates should allow the creation andcustomization of HTML pages 1816 that can contain information on themusic. The information about each song can include jacket and cover art,lyrics and usage conditions. The templates allow the creation andcustomization of HTML forms that will be presented to the end-user tocollect credit card information.

[0969] Allows the operator to point to the locations of the autorun.exe1812 file, the autorun.ini 1814 file and the Player ApplicationInstallation Package 1818.

[0970] Allows the end-user to modify the autorun.ini 1814 file so thatit points to the first HTML page of the HTML pates 1816 to be presentedto the end-user.

[0971] Allows the end-user to select the audio information and musicsample tracks and to point to online URLS.

[0972] What has been described thus far is content delivery on a CD1802. It should be noted that the promotional encrypted content on theCD can be part of the regular music or DVD CD. The CD 1802 can becreated by the process in Sub-section 4. “Decryption 1505, Decompression1506 and Playback Components 1506” in Section D “The Player Application195” below. The CD 1802 contains the Promotional Package 1801 from aContent Provider(s) 101 or from the Electronic Digital Content Store(s)103. When this CD 1802 is played, this enables the user or a friend of auser to very quickly purchase rights to the Content 113 on CD 1802. Inother words, if a user takes a CD 1802 to a friends house to listen toit, the friend can purchase the rights to make a copy of the CD 1802 fortheir own use, without having to download the Content 113 from theContent Hosting Site(s) 111. This enables very fast propagation ofpromotional Package 1801 between friends and associates. Rather thanreturning to the store or downloading Content 113 over the Internet, thefriend can create a copy of the Content 113 encrypted on CD 1802 usingthe process flow described in FIG. 19 below. Besides the Content 113,the Player Application 195 can also be delivered on the CD 1802, topermit fast propagation of the Player Application 195 through acommunity.

[0973] In yet another embodiment, the Promotional Package 1801 can beE-mailed between end users. Although the transmission of compressedfiles is still slow over telephone lines today. In the further higherspeed networks such as Cable-Modems will increase the capacity. Bygiving users the ability to E-mail the Promotional Packages 1801 toothers, the Content 113 can be purchased by anyone in the E-mail list

[0974] B. Application Installation

[0975] The Player Application 195 and the Helper Application 1981 arepackaged into a self installing executable program which is availablefor download from many web sites or via the embodiment above in thesection X.A.3 Delivery Over Computer Readable Medium. TheClearinghouse(s) 105 acts as a central location which hosts the masterdownload page at a public web site. It contains links to the locationsfrom which the installation package can be downloaded. The installationpackage is available at all Content Hosting Site(s) 111 to providegeographic dispersal of the download requests. Each participatingElectronic Digital Content Store(s) 103 can also make the packageavailable for download from their site or may just provide a link to themaster download page at the public web site of the Clearinghouse(s) 105.

[0976] Any End-User(s) wishing to purchase downloadable Content 113,downloads and install this package. The installation is self containedin this downloadable package. It unpacks and installs both the HelperApplication 198 and the Player Application 195 and also configure theHelper Application 198 to the installed Web Browser(s).

[0977] As part of the installation, a Public/Private Key 661 pair iscreated for the End-User Device(s) 109 for use in processing Order andLicense SC(s) 660. A random Symmetric Key (Secret User Key) is alsogenerated for use in protecting song encryption keys in the LicenseDatabase 197. The Secret User Key (not shown) is protected by breakingthe key into multiple parts and storing pieces of the key in multiplelocations throughout the End-User(s)' computer. This area of the code isprotected with Tamper Resistant Software technology so as not to divulgehow the key is segmented and where it is stored. Preventing access tothis key by even the End-User(s) helps to prevent piracy or sharing ofthe Content 113 with other computers. See the SC(s) Processor 192section for more details on how these keys are used.

[0978] Tamper-resistant software technology is a method to deterunauthorized entry into a computer software application by a hacker.Typically a hacker wants to understand and/or modify the software toremove the restrictions on the usage. In practicality, no computerprogram exists that cannot be hacked; that is why tamper-resistantsoftware is not called “tamper-proof”. But the amount of effort requiredto hack a tamper-resistance protect application usually deters mosthackers because the effort is not worth the possible gain. Here theeffort would be to gain access to a key to one piece of Content 113,perhaps a single song on a CD.

[0979] One type of tamper-resistant software technology is from IBM. Oneproduct this code was introduced is in the IBM ThinkPad 770 laptopcomputer. Here, the tamper-resistant software was used to protect theDVD movie player in the computer. Digital Content Provider(s) such asHollywood studios, concerned about the advent of digital movies and theease at which perfect copies can be made, have insisted that movies onDVD disc(s) contain copy protection mechanisms. IBM's tamper-resistantsoftware made it difficult to circumvent these copy protectionmechanisms. This is a very typical application for tamper-resistantsoftware; the software is used to enforce rules on the usage of someprotected type of Content 113.

[0980] IBM's tamper-resistant software puts several types of obstaclesin the path of the attacker. First, it contains techniques to defeat, orat least reduce the effectiveness of, the standard software tools thatthe hacker uses: debuggers and disassemblers. Second it containsself-integrity checking, so that single modifications, or even smallhandfuls of modifications, will be detected and cause incorrectoperation. Finally, it contains obfuscations to mislead hackersregarding its true operation. The latter technique is largely ad hoc,but the first two build upon well-known tools in cryptography:encryption and digital signatures.

[0981] C. Secure Container Processor 192

[0982] When the End-User(s) submits the final purchase authorization tothe Electronic Digital Content Store(s) 103 for the merchandise he hascollected in his shopping cart, his Web Browser remains active waitingfor a response from the Web Server. The Web Server at the ElectronicDigital Content Store(s) 103 processes the purchase and performs thefinancial settlement and then returns a Transaction SC(s) 640 to theEnd-User Device(s) 109. The SC(s) Processor 192 (Helper Application 198)is launched by the Web Browser to process the SC(s) mime type associatedwith the Transaction SC(s) 640. FIG. 14 is an example of user interfacescreens of the Player Application 195 downloading content to a locallibrary as described in FIG. 10 according to the present invention.

[0983] The SC(s) Processor 192 opens the Transaction SC(s) 640 andextract the Response HTML page and Offer SC(s) 641 contained within. TheResponse HTML page is displayed in the Browser window acknowledging theEnd-User(s)' purchase. The Offer SC(s) 641 are then opened and theContent 113 (e.g. song or album) names along with the projected downloadtimes are extracted from them, step 1401. A new window is then displayedwith this information and the End-User(s) is presented with options toschedule the download(s) of the Content 113 (e.g. for music, songs orentire albums), step 1402. The End-User(s) can select immediate downloador can schedule the download to occur at a later time. If a later timeis selected, the download schedule information is saved in a log and thedownload is initiated at the scheduled time if the End-User Device(s)109 is powered on at that time. If the computer is not active at thescheduled download time or the communication link is not active, theEnd-User(s) is prompted to reschedule the download when the computer isnext powered up.

[0984] When the scheduled download time occurs or if immediate downloadwas requested, the SC(s) Processor 192 creates Order SC(s) 650 frominformation in the Transaction SC(s) 640, Offer SC(s) 641, and thePublic Key 661 of the End-User(s) generated at install time. This OrderSC(s) 650 is sent via HTTP request to the Clearinghouse(s) 105. When theClearinghouse(s) 105 returns the License SC(s) 660, the HelperApplication 198 is re-invoked to process the License SC(s) 660. TheLicense SC(s) 660 is then opened and the URL of the Content HostingSite(s) 111 is extracted from the referenced Order SC(s) 650. TheLicense SC(s) 660 is then sent to the specified Content Hosting Site111, via http request through the Browser, requesting download of theContent SC(s) 630. When the Content SC(s) 630 comes back to the Browser,the Helper Application 198 is re-invoked again. The SC(s) Processor 192displays the name of the Content 113 being downloaded along with adownload progress indicator and an estimated time to completion.

[0985] As the Content 113 is being received by the SC(s) Processor 192,it loads the Content 113 data into memory buffers for decryption. Thesize of the buffers depends on the requirements of the encryptionalgorithm and watermarking technology 193 and is the minimum sizepossible to reduce the amount of unencrypted Content 113 exposed tohacker code. As a buffer is filled, it is decrypted using the Key 623(corresponding to the Public Key 661) of the End-User(s) extracted fromthe License SC(s) 660, which itself is first decrypted using the PrivateKey. The decrypted buffer is then passed to the watermarking function.

[0986] The watermarking 193 extracts the watermarking instructions fromthe License SC(s) 660 and decrypt the instructions using the Private Keyof the End-User(s). The watermarking data is then extracted from theLicense SC(s) 660 which includes transaction information such as thepurchaser's name as registered with the Electronic Digital ContentStore(s) 103 from which this Content 113 was purchased or derived fromthe credit card registration information if the Electronic DigitalContent

[0987] Store(s) 103 does not provide a registration function. Alsoincluded in the watermark is the purchase date and the Transaction ID535 assigned by the Electronic Digital Content Store(s) 103 to referencethe specific records logged for this transaction. The Store UsageConditions 519 are also included to be used by the Copy Control of thePlayer Application 195.

[0988] The Watermarking 193 is protected with Tamper Resistant Codetechnology so as not to divulge the watermarking instructions thuspreventing a hacker from discovering the location and technique of thewatermark. This prevents removal or modification of the watermark by ahacker.

[0989] After inscribing any required watermark to this content buffer,the buffer is passed to the scrambling function for Re-Encryption 194. Aprocessor efficient secure encryption algorithm such as IBM's SEALencryption technology is used to re-encrypt the Content 113 using arandom Symmetric Key. Once the download and Decryption and Re-Encryption194 process is complete, the encryption Key 623 used by the ContentProvider(s) 101 to originally encrypt the Content 113 is now destroyedand the new SEAL key is itself encrypted using the Secret User Keycreated and hidden at installation time. This new encrypted Seal Key isnow stored in the License Database 107.

[0990] Unlike source performed at the Content Provider(s) 101 and userwatermarking performed at the End User Device(s) 109 may need to becomean industry standard to be effective. These standards are stillevolving. The technology is available to allow control information to beembedded in the music and updated a number of times. Until such time asthe copy control standards are more stable, alternative methods of copycontrol have been provided in the Secure Digital Content ElectronicDistribution System 100 so that it does not rely on the copy controlwatermark in order to provide rights management in the consumer device.Storage and play/record usage conditions security is implementedutilizing encrypted DC Library Collections 196 that are tied to the EndUser Device(s) 109 and protected via the Tamper Resistant Environment.Software hooks are in place to support copy control watermarking whenstandards have been adopted. Support exists today for watermarking AACand other encoded audio streams at a variety of compression levels butthis technology is still somewhat immature at this time to be put to useas a sole method of copy control.

[0991] The Decryption and Re-Encryption 194 process is another area ofthe code that is protected with Tamper Resistant Code technology so asnot to divulge the original Content 113 encryption key, the new SEALkey, the Secret User Key, and where the Secret User Key segments arestored and how the key is segmented.

[0992] The process of Decryption and Re-Encryption 194 serves twopurposes. Storing the Content 113 encrypted with an algorithm like SEALenables faster than real-time decryption and requires much lessprocessor utilization to perform the decryption than does amore industrystandard type algorithm like DES. This enables the Player Application195 to perform a real-time concurrent decryption-decode-playback of theContent 113 without the need to first decrypt the entire file for theContent 113 prior to decode and playback. The efficiency of the SEALalgorithm and a highly efficient decode algorithm, allows not onlyconcurrent operation (streaming playback from the encrypted file) butalso allows this process to occur on a much lower powered systemprocessor. Thus this application can be supported on a End-UserDevice(s) 109 as low end as a 60 MHz Pentium system and perhaps lower.Separating the encryption format in which the Content 113 is finallystored from the original encryption format, allows for greaterflexibility in the selection of the original content encryptionalgorithm. Thus use of widely accepted and proven industry standardalgorithms can be used thus further enhancing Digital Content Industryacceptance of the Secure Digital Content Electronic Distribution System100.

[0993] The second purpose of this Decryption and Re-Encryption 194process is to remove the requirement that the original master encryptionKey 623, used by the Content Provider(s) 101 to encrypt this Content113, be stored on every End-User Device(s) 109 which has licensed thisContent 113. The encrypted master Key 623, as part of the License SC(s)660, is only cached on the hard disk of the End-User Device(s) 109 for avery short time and is in the clear only in memory and for a very shorttime. During this execution phase, the Key 623 is protected via TamperResistant Code technology. Not having to retain this Key 623 in any formon the End-User Device(s) 109 once this Decryption and Re-Encryption 194phase has completed, greatly lessens the possibility of piracy fromhackers.

[0994] Once the song has been re-encrypted, it is stored in the DigitalContent Library 196. All metadata required for use by the PlayerApplication 195, is extracted from the associated Offer SC(s) 641 andalso stored in the Digital Content Library 196, step 1403. Any parts ofthe metadata which are encrypted, such as the song lyrics, are decryptedand re-encrypted in the same manner as described above for the othercontent. The same SEAL key used to encrypt the Content 113 is used forany associated metadata needing to be encrypted.

[0995] D. The Player Application 195

[0996] 1. Overview

[0997] The Secure Digital Content Electronic Distribution PlayerApplication 195 (referred to here as the Player Application 195) isanalogous to both a CD, DVD or other Digital Content player and to a CD,DVD, or other digital content storage management system. At itssimplest, it performs Content 113, such as playing songs or videos. Atanother level, it provides the End-User(s) a tool for managing his/herDigital Content Library 196. And just as importantly, it provides forediting and playing of collections of content, such as songs, (referredto here as Play-lists).

[0998] The Player Application 195 is assembled from a collection ofcomponents that may be individually selected and customized to therequirements of the Content Provider(s) 101 and Electronic DigitalContent Store(s) 103. A generic version of the player is described, butcustomization is possible.

[0999] Referring now to FIG. 15 there is shown a block diagram of themajor components and processes of the Player Application 195 running onEnd-User Device(s) 109 of FIG. 10.

[1000] There are several component-sets that makeup the subsystems ofthe Player Object Manager 1501:

[1001] 1. End-User Interface Components 1509

[1002] 2. Copy/Play Management Components 1504

[1003] 3. Decryption 1505, Decompression 1506, Playback Components 1507and may include recording.

[1004] 4. Data Management 1502 and Library Access Components 1503

[1005] 5. Inter-application Communication Components 1508

[1006] 6. Other miscellaneous (Installation, etc) Components

[1007] Components from within each of these sets may be selected, basedon the requirements of:

[1008] the platform (Windows, Unix, or equivalent)

[1009] communications protocols (network, cable, etc)

[1010] Content Provider(s) 101 or Electronic Digital Content Store(s)103

[1011] Hardware (CD, DVD, etc)

[1012] Clearinghouse(s) 105 technology and more.

[1013] The sections below detail the various component sets. The finalsection details how these components are put together in the genericplayer, and discusses how the components can be customized.

[1014] In another embodiment, the components of the Player Application195 and the SC(s) Processor 192 are available as part of a programmer'ssoftware toolkit. This toolkit enables predefined interfaces to thecomponents of the generic player application listed above. Thesepredefined interfaces are in the form of APIs or Application ProgrammingInterfaces. A developer using these APIs can implement any of thefunctionality of the components from a high level application program.By providing APIs to these components, a programmer can quickly developa customized Player Application 195 without the need to re-created thesefunctions and resources of any of these components.

[1015] 2. End-User Interface Components 1509

[1016] Components from this set combine to provide the on-screenmanifestation of the Player Application 195. Note that the designestablishes no definitive layout of these components. One such layout isprovided in the generic player. Based on requirements from ContentProvider(s) 101 and/or Electronic Digital Content Store(s) and otherrequirements, alternate layouts are possible.

[1017] This set is grouped into subgroups, starting with the componentsused to present End-User Display 1510 and handle controls calledEnd-User Controls 1511 used for such low-level functions as audioplayback, and presentation of metadata. Next, the End-User DisplayComponent 1510 is further divided by special function groupings(Play-list, Digital Content Library), and then object-containercomponents used for grouping and placing of those lower-levelcomponents.

[1018] Within the component listings below, any reference to creatingCDS or copying of Content 113 to a CD or other recordable medium onlyapplies to the case where the Player Application 195 has suchfunctionality enabled. Also note that the term CD in that context is ageneric one, that can also represent various other external recordingdevices, such as MiniDisc or DVD.

[1019]FIG. 16 is an example user interface screens of the PlayerApplication 195 of FIG. 15 according to the present invention. Functionfor the End-User Controls 1511 include (corresponding screens of anEnd-User Interface are shown 1601-1605):

[1020] Controls for performing the Content 113:

[1021] Play/Stop button

[1022] Play button

[1023] Stop button

[1024] Pause button

[1025] Skip forward button

[1026] Skip backward button

[1027] Volume control

[1028] Track position control/display

[1029] Audio channel volume level display and more.

[1030] Controls for the displaying metadata associated with the Content113

[1031] Cover Picture button

[1032] Cover Picture object

[1033] Artist Picture button

[1034] Artist Picture object

[1035] Track List button

[1036] Track List Information object

[1037] Track List Selector object (click to play)

[1038] Track Name object

[1039] Track Information object

[1040] Track Lyrics button

[1041] Track Lyrics object

[1042] Track Artist Name object

[1043] Track Credits button

[1044] Track Credits object

[1045] CD Name object

[1046] CD Credits button

[1047] CD Credits object

[1048] Generic (Configurable) Metadata button

[1049] Generic Metadata object and more.

[1050] Function for the End-User Display 1510 include (correspondingscreens of an End-User Interface are shown 1601-1605):

[1051] Play-list of display container

[1052] Play-list Management button

[1053] Play-list Management window

[1054] Digital Content search button

[1055] Digital Content search Definition object

[1056] Digital Content search Submit button

[1057] Digital Content search Results object

[1058] Copy Selected Search Result Item To Play-list button

[1059] Play-list object (editable)

[1060] Play-list Save button

[1061] Play-list Play button

[1062] Play-list Pause button

[1063] Play-list Restart button

[1064] Create CD from Play-list button and more.

[1065] Display of Digital Content Library 196

[1066] Digital content library button

[1067] Digital content librarian window

[1068] Digital content categories button

[1069] Digital content categories object

[1070] By-artist button

[1071] By-genre button

[1072] By-label button

[1073] By-category button

[1074] Delete button

[1075] Add-to-Play-list button

[1076] Copy to CD button

[1077] Song List object

[1078] Song List display container and more

[1079] Containers and Misc.

[1080] Player window container

[1081] Audio controls container

[1082] Metadata controls container

[1083] Metadata display container

[1084] Toolbar container object

[1085] Sample button

[1086] Download button

[1087] Purchase button

[1088] Record button

[1089] Player Name object

[1090] Label/Provider/Store Advertisement object

[1091] Label/Provider/Store URL button

[1092] Artist URL Button and more

[1093] 3. Copy/Play Management Components 1504

[1094] These components handle set up of encryption keys, Watermarkprocessing, Copy management, and more. Interfaces also exist forcommunication with the Clearinghouse(s) 105, transmission of purchaserequests, and more, for special services such as pay per listen or caseswhere each access to the Content 113 is accounted for. Currently, thecommunications to the Clearinghouse(s) 105 functions are handled by theSC(s) Processor 192.

[1095] The use of the Content 113 by the Player Applications 195 on EndUser Device(s) 109 is logged into a database such as the LicenseDatabase 197. The tracking of each use of Content 113 by the PlayerApplication 195 can be transmitted to one or more logging sites such asthe Clearing House(s) 105 or Content Provider(s) 101 or ElectronicDigital Content Store(s) 103 or any site designated and coupled toTransmission Infrastructures 107. This transmission can be scheduled atpredetermined times to upload the usage information to a logging site.One predetermined time contemplated is early in the morning whenTransmission Infrastructures 107 may not be as congested with networktraffic. The Player Application 195 using known techniques, wakes-up ata scheduled time, and transmit the information from the local loggingdatabase to the logging site. By reviewing the logging site information,the Content Provider(s) 101 can measure the popularity of their Content113.

[1096] In another embodiment, the instead of logging the usage ofContent 113 for later uploading to a logging site, the use of theContent 113 is uploaded to the logging site during every use of theContent 113. For example, when duplicating or copying the Content 113stored at the End User Device(s) 109, on to an external device such asDVD Disc, digital tape, flash memory, mini Disc or equivalentread/writeable removable media, the use is updates to the logging site.This maybe a precondition to copying the Content 113 in the usageconditions 206 that is transmitted when the Content 113 is purchased.This ensures the Content Provider(s) 101 can accurately track the usageof their Content 113 during their playing, duplicating or other actionsupon the Content 113.

[1097] In addition, other information about the Content 113 can beuploaded to the logging site. For example the last time (e.g., hour andday) the Content 113 was performed; how many times the Content 113 wasperformed; if the Content 113 has been duplicated or copied to anauthorized external device such as DVD Disc, digital tape or mini-Disc.In cases where there are multiple distinct users of a single PlayerApplication 195 on the End User Device(s) 109, such as different membersof a family, the identifications of the user of the Content 113 istransmitted along with the usage information to the logging site. Byreviewing the usage information uploaded to the logging site, theContent Provider(s) 101 can measure the popularity of the Content 113base on the actual usage, the identification of the user and the numberof times the Content 113 has been performed. The actual usagemeasurement makes this system more factual driven over systems usingsampling methods, such as a Nielsen Rating scheme for televisions, ortelephone surveys, where only a limited number of users are sampled atany one time and the results extrapolated. In this present embodiment,the actual usage can be measures for the users logging back onto adesignated web site such as the Electronic Digital Content Store(s) 103or Content Provider(s) 101.

[1098] 4. Decryption 1505, Decompression 1506 and Playback Components1506

[1099] These components use the keys acquired by the Copy/PlayManagement components to unlock the audio data acquired from the DataManagement and Library Access components, apply the appropriatedecompression to prepare it for playback, and use system audio servicesto play it. In an alternate embodiment, the audio data acquired from theData Management and Library Access components may be copied to removablemedia such as CDS, diskettes, tapes or MiniDisks.

[1100] 5. Data Management 1502 and Library Access Components 1503

[1101] These components are used to store and retrieve song data onvarious storage devices on the End-User(s)' system, as well as handlerequests for information about the stored songs.

[1102] 6. Inter-application Communication Components 1508

[1103] These components are used for coordination between the SecureDigital Content Electronic Distribution Player and other applications(e.g., Browser, helper-app and/or plug-in, etc) that may invoke thePlayer Application 195, or that the Player Application 195 needs to usewhen carrying out its functions. For example, when a URL control isactivated, it invokes the appropriate browser and instruct it to loadthe appropriate page.

[1104] 7. Other Miscellaneous Components

[1105] Individual components that dont fall into the categories above(e.g., Installation) are grouped here.

[1106] 8. The Generic Player

[1107] In this section the combining of the components above into aversion of the Player Application 195 is discussed. This is just one ofmany different examples possible, since the Player Application 195 isdesigned for customization by being based on software objects. ThePlayer Object Manager 1501 is a software framework holding all the othercomponents together. As discussed in the sections above, the blocksbelow the Player Object Manager 1501 in this diagram are required forany player, but may be replaced by specialized versions depending onsuch things as form of encryption or scrambling being used, types ofaudio compression, access methods for the Content 113 library, and more.

[1108] Above the Player Object Manager 1501 are Variable Objects 1512,which are mostly derived from the metadata associated with the Content113 being played or searched. These Variable Objects are made availableto the End-User Device(s) 109 byway of the End-User Display 1510 andreceived input from the End-User Controls 1511. All objects areconfigurable, and the layouts of all containers are customizable. Theseobjects maybe implemented in C/C++, Java or any equivalent programminglanguage.

[1109] Using the Player Application 195

[1110] The following embodiment is for an example where the PlayerApplication 195 running on End-User Device(s) 109 is an audio playerwhere Content 113 is music. It should be understood to those skilled inthe art that other types of Content 113 can be supported by the PlayerApplication 195. A typical audio enthusiast has a library of CDS holdingsongs. All of these are available within the Secure Digital ContentElectronic Distribution System 100. The set of songs that have beenpurchased from Electronic Digital Content Store(s) 103 are stored withina Digital Content Library 196 on his or her system. The groupings ofsongs that are analogous to physical CDS are stored as Play-lists. Insome cases a Play-list exactly emulates a CD (e.g., all tracks of acommercially available CD has been purchased from an Electronic DigitalContent Store(s) 103 as an on-line version of the CD and is defined by aPlay-list equivalent to that of the CD). But most Play-lists is puttogether by End-User(s) to group songs they have stored in the DigitalContent Libraries on their systems. However for the purposes of theensuing discussions, an example of a custom made music CD is used whenthe term a Play-list is mentioned.

[1111] When the End-User(s) starts the Player Application 195explicitly, rather than having it start up via invocation from the SC(s)Processor 192 Application, it pre-loads to the last Play-list that wasaccessed. If no Play-lists exist in the Digital Content Library 196, thePlay-list editor is started automatically (unless the user has turnedoff this feature via a preference setting). See The Play-list, below forfurther details.

[1112] The Player Application 195 may also be invoked with a specificsong as an argument, in which case it immediately enters Song-play mode.Optionally, the song maybe prepared for play but await action by theEnd-User(s) before proceeding. See Song Play, below for more on thissituation.

[1113] The Play-list (corresponding screen of an End-User Interface1603):

[1114] When the End-User(s) has invoked the Play-list function, theseare the available functions:

[1115] Open Play-list

[1116] Digital Content Librarian is invoked to display a list of storedPlay-lists for selection. Also see Digital Content Librarian below formore info.

[1117] Edit Play-list

[1118] Invokes the Play-list Editor (see below), primed with the currentPlay-list if one has been loaded already. Otherwise the editor createsan empty Play-list to start with.

[1119] Run Play-list

[1120] Songs are played one at a time starting with the selected song(or the beginning of the play-list, if no song is selected). Options setin the Play-list Editor affect the sequencing of the playback. Howeverthere is controls available here to override those options for this playof the Play-list.

[1121] Play song

[1122] Only the selected song from the Play-list is played. See SongPlay below for more info.

[1123] Play-list Info

[1124] Display information about the Play-list.

[1125] Song Info

[1126] Display information about the selected song within the Play-list.

[1127] Visit web site

[1128] Load web site associated with this Play-list into browser.

[1129] Librarian

[1130] Open the Digital Content Librarian window. Also see DigitalContent Librarian below for more info.

[1131] The Play-list Editor (corresponding screen of an End-UserInterface 1603):

[1132] When invoking the Play-list editor, these are the End-User(s)'options:

[1133] View/Load/Delete Play-lists

[1134] Digital Content Librarian is invoked to display a list of storedPlay-lists for selection of one to load or delete. Also see DigitalContent Librarian below for more info.

[1135] Save Play-list

[1136] Current version of Play-list is saved in the Digital ContentLibrary 196.

[1137] Delete Song

[1138] Currently selected song is deleted from Play-list.

[1139] Add Song

[1140] Digital Content Librarian is invoked in song-search mode, forselection of song to add to the Play-list. Also see Digital ContentLibrarian below for more info.

[1141] Set Song Information

[1142] Display and allow changes to information about the selected songwithin the play-list. This information is stored within the Play-list,and does not alter information about the song stored within the DigitalContent Library 196. These things can be changed:

[1143] Displayed Song Title

[1144] End-User(s) notes about the song

[1145] Lead-in delay on playing the song

[1146] Follow-on delay after playing the song

[1147] Start-point within song when playing

[1148] End-point within song when playing

[1149] Weighting for random mode

[1150] Volume adjustment for this song and more.

[1151] Set Play-list attributes: Display and allow changes to theattributes of this Play-list. These attributes may be set:

[1152] Play-list title

[1153] Play-list mode (random, sequential, etc)

[1154] Repeat mode (play once, restart when done, etc)

[1155] End-User(s) notes about this Play-list

[1156] Librarian (corresponding screen of an End-User Interface 1601):

[1157] Open the Digital Content Librarian window. Also see DigitalContent Librarian below for more info.

[1158] Song Play

[1159] When a song has been prepared for play, either by invoking thePlayer Application 195 with the song as an argument or by selecting asong for play from a Play-list or within the Digital Content Librarian,these are the End-User(s)' options: (corresponding screen of an End-UserInterface 1601):

[1160] Play

[1161] Pause

[1162] Stop

[1163] Skip Backward

[1164] Skip Forward

[1165] Adjust Volume

[1166] Adjust Track Position

[1167] View Lyrics

[1168] View Credits

[1169] View CD Cover

[1170] View Artist Picture

[1171] View Track Information

[1172] View other metadata

[1173] Visit web site

[1174] Play-list

[1175] Librarian and more.

[1176] Digital Content Librarian

[1177] The Digital Content Librarian can be invoked implicitly whenselecting songs or Play-lists (see above) or maybe opened in its ownwindow for management of the Song Library on the End-User(s)' system. Inthat case, these are the End-User(s)' options:

[1178] Working with songs:

[1179] Sort All by Artist, Category, Label, other

[1180] Select Songs by Artist, Category, Label, other

[1181] Add selected songs to Current Play-list

[1182] Copy Song to CD (if enabled)

[1183] Delete Song

[1184] Add Song to Category and more.

[1185] Work with Play-lists:

[1186] Sort by Name

[1187] Sort by Category

[1188] Search by Keyword

[1189] Search by Included Song Title

[1190] Load Selected Play-list

[1191] Rename Play-list

[1192] Delete Play-list

[1193] Create CD from Selected Play-list (if enabled) and more.

[1194] 9. Digital Content Library Manager

[1195] As described above, the Player Application 195 manages Content113 in the Digital Content Library 196. The library file structure formanaging the content is now described. FIG. 20 is a functional blockdiagram of the Data Table 2008 stored in fast local memory, typicallyRAM, on an End User Device(s) 109. The DC Library File 196 is retrievedfrom storage and placed into storage while inside a tamper resistantenvironment 2002, such as the tamper resistant environment. The DCLibrary File 196 is run through a decryption process 2004 while beingread or an encryption process 2006 while being written. The Data Table2008 is a row 2012/column 2010 format table. Each column 2010 is anidentifier (ID) to for a particular type of pointer to the portion ofthe Content 113. As shown the exemplary ID (columns) are “pointer toalbum”; “pointer to artist”; “pointer to track”; “pointer to titleA”;“pointer to lyrics” and more. Each one of these pointers for a given row2012 is filled-in. The pointers point to other areas in memory andstorage to contain the data for a given Data Table 2008 entry.

[1196] Continuing further, FIG. 21 is a functional block diagram 2100shows the relationship between the Data Table 2008 stored in memory anda Reference Table 2104 and an Update Reference Table 2110 retrieved fromthe database file. The Reference Table 2102 has Token which is anidentifier used to determine if unauthorized access to the DigitalContent Library 196 occurred as will be explained further below.Following the Token are the Row 1 pointers (ID 1/ROW 1 through ID N/ROW1). Each member on Reference Table 2102 for Row 1 is used to populatethe pointers in Row 1 (2012) of the Data Table 2008. Continuing further,Row 2 (2014) has a series of pointers (ID 1/ROW 2 through ID N/ROW 2)which populate items in Row 2 (2142). This continues up to Row N (ID1/ROW N through ID N/ROW N) which populate the pointers to Row N of theData Table 2008.

[1197] In addition to the entries in the Data Table 2008 other entriesare populated to area that are appended to the Data Table 2008 when anyupdates to the Content 113 in the library are made. For example, theidentical album and song may be re-downloaded. Instead of writing overthe corresponding entries in the Data Table 2008, rows in an AppendedSection 2104 are successively added to the Data Table 2008 to holdpointers to the updated Content. The pointers are populated by one ormore Update Reference Tables A, B, C. Each row is populated with anupdate when one or more elements of a give row have been updated.However, it is important to note that only rows that are to be updatedare in the Update Reference Tables A, B, C. A row not indicated in theUpdate Reference Table is not updated. Accordingly, only members of theData Table 2008 that are updated by a give Update Reference Table arepopulated with pointers in the Appended Section 2104.

[1198] Continuing further, a subsequent update to any of the Content 113which is already part of the Digital Content Library 196 are added toUpdate Reference Table B. As shown here, Update Reference Table Bcontains pointers to populate other members of the Appended Section2104. Likewise, Update Reference Table C contains pointers to the thirdseries of updates in the Appended Section 2104 of Data Table 2008. It isimportant to note that each of the updates as specified by the UpdateReference Tables A, B, C may update one or more rows in the appendedportion of the Data Table as indicated shown. Stated differently, UpdateReference Table C as shown updates many ID entries in ROW 2 but thereare no updates shown for any other Row.

[1199]FIG. 22 are a schema 2200 of hierarchical relationships of theDigital Content Library 196 and the Content, Data, Reference Table, andUpdate Content Files File. As shown, the Digital Content Library 196 hastwo elements:

[1200] Header—2202—used to identify the file format

[1201] DB File—2204

[1202] where the Header 2202 includes:

[1203] Version—2208—used to identify the file format

[1204] Block Size 2210—the size of each row (e.g. row/size indicator) inReference Table 2102

[1205] A high level view of the structure of the DB File 2206 is:

[1206] Content—2212

[1207] repeat Update Content as necessary—2214-2222

[1208] A more detailed description of the Content 2212 is:

[1209] Data—2224

[1210] Reference Table—2226

[1211] Trailer—2228

[1212] Body for each Data Element 2230 is in a length-data format asfollows:

[1213] Length—represents the length of the following data in bytes;

[1214] Data—the data in any format to represent both the Metadata (asfound in the Metadata SC 128) and Content Data (as found in the ContentSC 113);

[1215] Data is encrypted as block for all the fields in a row and lengthis saved in Reference Table 2102.

[1216] Trailer 2138 is a token and may be used for debug and mayinclude:

[1217] Max ID value—This is the max value of ID that has been used, italways grows

[1218] Ref Table Offset—It is offset of the beginning of Ref Table. Itis offset based on the file.

[1219] Previous Body Offset—If it is the first one, it is zero.

[1220] Body Offset—It is offset of the beginning of the body of Content2224. It is offset based on the file.

[1221] timestamp—Random number to identify the last update.

[1222] ref_len—encrypted data length in Reference Table 2102.

[1223] trail_len—encrypted data length in Trailer 2226.

[1224] End Token—This is a redundant data

[1225] It is important to note that the Data between Token and the TimeStamp (not shown) is typically encrypted as one block. The encryption inone embodiment is a string encryption such as RC4, where the length ofthe string is not changed after the encryption. Moreover, when the fileneed to be updated, a new Update Content A through N are appended. Whenreading this file, only the latest data will be used for each sectionthat is identified by ID in Reference Table 2102.

[1226] For each of the Update Content 2114-2222:

[1227] Update Data A—2214

[1228] Update Reference Table A—2146

[1229] Update Trailer A—2148

[1230] Update Data B—2216

[1231] Update Reference Table B—2156

[1232] Update Trailer B—2158

[1233] Update Data C—2218

[1234] Update Reference Table C—2166

[1235] Update Trailer C—2178

[1236] . . . (repeat as necessary)

[1237] Update Data N—2222

[1238] Update Reference Table N—2176

[1239] Update Trailer N—2178

[1240] Each Update Content entry, e.g., Update Content A (2214)-UpdateContent N (2222) has an associated Update Data, Update Reference Tableand Update Trailer (2230-2234). As with the Reference Table 2102, eachUpdate Reference Table A, B, C and N (2246, 2256, 2266, 2276) is used inconjunction with the Update Data A through N (2214, 2216, 2218, 2222).

[1241] Data is encrypted as block for all the fields in a row and lengthis saved in Reference Table 2102.

[1242] The integrity of the Digital Content Library is further providedusing two additional techniques. First, the sequence of “timestamp” inthe Trailer section 2138 guarantees that unauthorized removal of anyupdates from the file are detected. Second, the “timestamp” in the firsttrailer section and the last update trailer section that are saves inthe key database (not shown) guarantees that first content and lastupdate content are tracked. These two techniques ensures the databaseintegrity against unauthorized access by third parties.

[1243] To avoid memory allocation fail, the body section of thereference is encrypted record by record. Where each section in the bodyuses a unique encryption key. The use of unique encryption steps willavoid compromising the cipher table.

[1244] The unique encryption key is based on the combination of a: (1) abase key, and (2) a timestamp. The counter that changes depending onwhich “update content” or the original “content” . Accordingly, eachblock of content or update content has a unique encryption/decryptionkey pair.

[1245]FIG. 23 is flow diagram of the write flow from a Data Table storedin memory to the Digital Content Library File without an Update ContentFiles, according to the present invention. The process begins withgetting a current time stamp as a one of the seed parameters forgenerating a key, steps 2302 and 2304. The process continues withgenerating a unique encryption key for the given content block to bewritten. String encryption such as RC4 is used where the length of theencrypted string is the same as the original non-encrypted string. Asdescribed above the unique encryption key is a combination of: (1) abasekey, and (2) a time stamp, step 2306. Next, the header section iswritten with a row/size indicator which is constant in this embodiment,step 2308. The entire block of content 2212 is encrypted, steps 2310 and2312. The process continues with the writing of the trailer section 2314with a row/size indicator, step 2314. Lastly, the time stamp generatedfor this encrypted block is assigned to the variable T_last which isused to generate the next subsequent key and the process ends on step2318.

[1246] The process flow of FIG. 24 is flow diagram of the write flowfrom a Data Table stored in memory to the Digital Content Library Filewith one or more Update Content Files, according to the presentinvention. The process begins with step 2402 where the previous timestamp generated is used to generate a new time stamp 2402, in step 2404.As before a key is generated and here the key is unique because of theuse of the last time stamp and addition a number to indicate whichupdate number to the content this present update represents. The processcontinues with a pointer moving to the bottom of the file in step 2410,after the content was written. Next the entire update data is encryptedusing the new key. The entire block of update is encrypted, steps 2412and 2414. The process continues with the writing of the trailer section2314 with a row/size indicator, step 2416 and the process ends on step2418.

[1247]FIG. 25 is flow diagram of the read from the Digital ContentLibrary File to a Data Table stored in memory to without an UpdateContent Files, according to the present invention. The process beginswith a base symmetric key being retrieve from a local key database,steps 2502 and 2504. The database file is retrieved and the versionnumber read from the header, step 2506. A test of the version is madeinstep 2508 and if the incorrect version is read then an error messageis displayed and the process flow exits, steps 2510 and 2512. In thecase where the version is correct, the timestamp (T_Last) is read fromsecured storage and T_Last is assigned to T_Cur, step 2514. A newsymmetric key is calculated based on the timestamp (T_Cur) and the BaseKey (Key_base), step 2516. Next, T_Cur is assigned to T_Pre in step2518. The file pointer is then moved back a predetermined distance fromthe end of the database file to read the trailer section, step 2520. Thetrailer section is decrypted using the key generated (Key_Cur), step2522. If the an identifier is not valid, then an error message isdisplayed 2526 and the process exits 2558. An identifier not matching upwould mean that the file is database file was corrupted, perhaps by anunauthorized person trying to gain access. It is important to note thatthe database file is read from the bottom up. This ensures that the morerecent Update Content, if any, is populated first into the Data Table2008 first followed by the older Update Content, if any, followed by theContent. The process continues with a test to determine if there are anyupdate trailer sections, step 2528. If there are no updates to thetrailer section, the library has not had a piece of Content 113downloaded twice, and the process of filling out the Data Table 2008begins. Instep 2530, the Reference Table 2102 is read in based on offsetin the Trailer Section, step 2530. The Reference Table is decryptedbased upon the generated key(Key_Cur), step 2532. Each ID/Row for theData Table 2008 is read in from the Reference Table 2102, step 2534. TheContent 2212 including meta data) is decrypted based on Key_Cur. A testis made to see if the T_Cur matches with T_First in step 2538 todetermine if the decrypting key was compromised. If the decrypting keywas compromised, an error message 2542 is displayed and the processexits in step 2544. In the case where the T_Cur matches T_First, thenthe decrypted Content 2212 is used to fill the Data Table 2008, in step2540 and the process ends in step 2544.

[1248] In the case where there are updates to the trailer sections, theprocess begins with step 2546 where the Update Reference table is readbased on the offset specified in the trailer section 2546. The UpdateReference table based on the Generated Key (Key_Cur). Each AppendedSection 2104 of ID/Row for the Data Table 2007 as Specified in theUpdate Data is read, step 2552 and decrypted in step 2552. The decrypteddata is used to populate the ID/Row offset in the Data Table with theUpdate Date 2554. Next, a new timestamp (T_Cur) based on T_Pre iscalculated and the process continues for each update trailer sectionsfrom the end of the file up through the Content 2212 being decrypted insteps 2530-2544.

[1249] Although a specific embodiment of the invention has beendisclosed, it will be understood by those having skill in the art thatchanges can be made to this specific embodiment without departing fromthe spirit and scope of the invention. The scope of the invention is notto be restricted, therefore, to the specific embodiment, and it isintended that the appended claims cover any and all such applications,modifications, and embodiments within the scope of the presentinvention.

What is claimed is:
 1. A method for forming a data table stored inmemory, the data table forming a library index of storage locations toelectronic digital content, the method comprising the steps of:receiving an encrypted file from storage wherein the file has abeginning, an end and trailer section located just prior to the end;reading a predetermined distance into the file to retrieve an identifierplaced at a predetermined position; decrypting a identifier with a firstdecrypting key; determining if the identifier is valid and if theidentifier is valid then performing the steps of: reading the trailersection from the file; decrypting the trailer section with the firstdecrypting key; determining if the there are any updates in the trailersection and if there are no updates to the trailer section thenperforming the steps of: decrypting a reference table containing one ormore data table location indicators for data items with the firstdecrypting key; decrypting one or data items with the first decryptingkey; and populating the data table with data items at locationsspecified in the reference table with data.
 2. The method according toclaim 1, wherein the step of populating the data table includespopulating the data table in a tamper resistant environment.
 3. Themethod according to claim 1, further comprising the steps of: retrievinga base key from a key database; retrieving a timestamp from the databasefile forming the first decrypting key as a combination of the base keyand the timestamp.
 4. The method according to claim 1, wherein the stepof determining if there are any updates in the trailer section includes;getting an offset to an update reference table; decrypting the updatereference table containing one or more data table location indicatorsfor update data items with the first decrypting key; decrypting one ormore update data items with the first decrypting key; populating thedata table with update data items at locations specified in the updatereference table with the update data.
 5. A method for storing electronicdigital content, the content containing an index to memory addresslocations containing one or more members forming the library, thelibrary index stored in a data table in memory, the data tablecomprising one or more entries with address references to metadata andaddress references to content data for each of the one or more membersforming the library, the method comprising the steps of: writing aheader section comprising a row/size indicator; writing a data sectionimmediately after the header section, the data section comprising one ormore data items represented in a length-data string format, wherein thedata section comprises references to one or more pieces of metadata andcontent data forming the one or more members in the library ofelectronic digital content; writing a reference table sectionimmediately after the data section, the reference table sectioncomprising a plurality of row/column entries, wherein a number ofcolumns forming each row is specified by the row/size indicator andwherein one or more row/column entries in each row of the referencetable represent offsets to each of the one or more pieces of metadataand content data forming the electronic digital content; and writing atrailer section immediately after the reference table section, thetrailer section comprising an offset to the beginning of the referencetable.
 6. The method according to claim 5, wherein the step of writingthe reference table section includes writing a reference table sectionwith an token identifier to determined subsequently if the storedlibrary was altered by a unauthorized party.
 7. The method according toclaim 5, wherein the step of writing the data section immediately afterthe header section includes writing the data section within a tamperresistant environment.
 8. The method according to claim 6, furthercomprising the step of encrypting the data section with a firstencrypting key.
 9. The method according to claim 7, wherein the step ofwriting a reference table section further comprises writing one or moreupdate content sections representing one or more updates to the one ormore members forming the library of electronic digital content, whereineach of the one or more update content sections is written after thetrailer section, and wherein each update content section includes atleast one: update data section, the update data section comprising oneor more updated data items represented in a length-data string formatwherein the data section comprises references to one or more pieces ofupdated metadata and updated content data forming the electronic digitalcontent; update reference table section immediately after the updatedata section, the update reference table section comprising row/columnentries, wherein one or more row/column entries in each row of thereference table represent offsets to each of the one or more pieces ofmetadata and content data forming the electronic digital content; andupdate trailer section immediately after the update reference tablesection, the update trailer section comprising an offset to thebeginning of the update 1reference table.
 10. A method for forming adata table stored in memory, the data table forming a library index ofstorage locations to electronic digital content, the method comprisingthe steps of: retrieving an encrypted file from storage wherein the filehas a beginning, an end and trailer section located just prior to theend; reading from the end of the file, a predetermined distance, to readan identifier placed at a predetermined position; decrypting a tokenwith a first decrypting key; determining if the token is valid and ifthe token is valid then performing the steps of: reading the trailersection from the file; decrypting the trailer section with the firstdecrypting key; determining if the there are any updates in the trailersection and if there are no updates to the trailer section thenperforming the steps of: decrypting a reference table containing one ormore data table location indicators for data items with the firstdecrypting key; decrypting one or data items with the first decryptingkey; and populating the data table with data items at locationsspecified in the reference table with data.
 11. A computer readablemedium containing programming instruction for forming a data tablestored in memory, the data table forming a library index of storagelocations to electronic digital content, the programming instructionscomprising: receiving an encrypted file from storage wherein the filehas a beginning, an end and trailer section located just prior to theend; reading a predetermined distance into the file to retrieve anidentifier placed at a predetermined position; decrypting a identifierwith a first decrypting key; determining if the identifier is valid andif the identifier is valid then performing the steps of: reading thetrailer section from the file; decrypting the trailer section with thefirst decrypting key; determining if the there are any updates in thetrailer section and if there are no updates to the trailer section thenperforming the steps of: decrypting a reference table containing one ormore data table location indicators for data items with the firstdecrypting key; decrypting one or data items with the first decryptingkey; and populating the data table with data items at locationsspecified in the reference table with data.
 12. The computer readablemedium according to claim 11, wherein the programming instruction ofpopulating the data table includes populating the data table in a tamperresistant environment.
 13. The computer readable medium according toclaim 11, further comprising the programming instruction of: retrievinga base key from a key database; retrieving a timestamp from the databasefile forming the first decrypting key as a combination of the base keyand the timestamp.
 14. The computer readable medium according to claim11, wherein the programming instruction of determining if there are anyupdates in the trailer section includes; getting an offset to an updatereference table; decrypting the update reference table containing one ormore data table location indicators for update data items with the firstdecrypting key; decrypting one or more update data items with the firstdecrypting key; populating the data table with update data items atlocations specified in the update reference table with the update data.15. An end user information processing system comprising: a data tablestored in memory, the data table forming a library index of storagelocations to electronic digital content; an encrypted file receivedreceiving from storage wherein the file has a beginning, an end andtrailer section located just prior to the end; an identifier placed at apredetermined distance in the file; a first decrypting key fordecrypting a identifier; means for determining if the identifier isvalid and if the identifier is valid then means for determining if thereare any updates in the trailer section, wherein the trailer section hasbeen decrypted with the first decrypting key section, and if there areany updates in the trailer section then populating the data table withdata items at locations specified in the reference table with data. 16.The end user information processing system according to claim 15,wherein the means for determining if the identifier is valid furtherincludes populating the data table includes populating the data table ina tamper resistant environment.